
TYPO3 powermail Extension Multiple Input Validation Vulnerabilities

http://www.securityfocus.com/bid/54936

Security Info

Bugtraq ID: 54936
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Aug 09 2012 12:00AM
Updated: Aug 09 2012 12:00AM
Credit: Helmut Hummel and TYPO3 Security Team
Vulnerable:
Not Vulnerable:

Security Discussion

The TYPO3 powermail extension is prone to a cross-site scripting vulnerability, an SQL-injection vulnerability, and a file upload vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to upload and execute arbitrary PHP files, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

TYPO3 powermail versions prior to 1.6.9 are vulnerable.

Proof of Concept and Security Exploits

An attacker can exploit these issues through a browser.

Security Solution(s)

Solution:
Vendor updates are available. Please see the references for more information.

Security Reference(s)

References:

Site Updated May 18, 2013
©2000-2013 Emagined Security
All Rights Reserved
