Monday 23 February 2015

TYPO3 Warns Of Critical Vulnerability In CMS


The developers of the popular content management system (CMS) TYPO3 have warned of a critical flaw in the software that makes it possible to log in with only a user name. To carry out the attack, however, the CMS must be configured in a certain way.

The system extension "rsaauth" must be loaded and configured in a particular way for frontend use. Furthermore, a vulnerable CMS version must be installed. The vulnerability, which does not yet have a CVE number, is present in versions 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39 and 4.6.0 through 4.6.18. Users are strongly advised to upgrade to 4.5.40 or to use a specially crafted shell script that patches vulnerable TYPO3 versions.
