Monday, 23 February 2015

TYPO3 Warns Of Critical Vulnerability In CMS

The developers of the popular content management system (CMS) TYPO3 have warned of a critical flaw in the software that makes it possible to log in with only a user name. To carry out the attack, however, the CMS software must be configured in a certain way.

The system extension "rsaauth" must be loaded and configured in a particular way for frontend use. Furthermore, a vulnerable CMS version must be installed. The vulnerability, which does not yet have a CVE number, is present in versions 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39 and 4.6.0 through 4.6.18. Users are strongly advised to upgrade to 4.5.40 or to use a specially crafted shell script that patches vulnerable TYPO3 versions.
