This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
Typo Security Team reports :
Extbase Framework - Failing to sanitize user input, the Extbase
database abstraction layer is susceptible to SQL Injection. TYPO3
sites which have no Extbase extensions installed are not affected.
Extbase extensions are affected if they use the Query Object Model and
relation values are user generated input. Credits go to Helmut Hummel
and Markus Opahle who discovered and reported the issue.
Access tracking mechanism - Failing to validate user provided input,
the access tracking mechanism allows redirects to arbitrary URLs. To
fix this vulnerability, we had to break existing behaviour of TYPO3
sites that use the access tracking mechanism (jumpurl feature) to
transform links to external sites. The link generation has been
changed to include a hash that is checked before redirecting to an
external URL. This means that old links that have been distributed
(e.g. by a newsletter) will not work any more.
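The hash check described in the advisory above, sketched as an added example; this is not TYPO3's own code. The HMAC-SHA256 construction, the `hash` parameter name, the secret key and all URLs are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed values for illustration only; not TYPO3's real key or parameter names.
SECRET_KEY = b"constructed-site-secret"
TRACKER = "https://site.example/index.php"


def link_hash(target: str) -> str:
    """Keyed hash over the redirect target; only the site can compute it."""
    return hmac.new(SECRET_KEY, target.encode("utf-8"), hashlib.sha256).hexdigest()


def make_tracking_link(target: str) -> str:
    """Link generation: the site signs every external target it emits."""
    return TRACKER + "?" + urlencode({"jumpurl": target, "hash": link_hash(target)})


def resolve_redirect(link: str):
    """Return the target to redirect to, or None if the link must be refused."""
    params = parse_qs(urlsplit(link).query)
    target = params.get("jumpurl", [""])[0]
    supplied = params.get("hash", [""])[0]
    if not target or not supplied:
        return None  # links generated before the fix carry no hash and stop working
    expected = link_hash(target).encode("ascii")
    # Constant-time comparison on bytes avoids leaking the expected hash.
    if not hmac.compare_digest(expected, supplied.encode("utf-8")):
        return None
    return target


if __name__ == "__main__":
    good = make_tracking_link("https://partner.example/news?id=7")
    old = TRACKER + "?" + urlencode({"jumpurl": "https://partner.example/news?id=7"})
    # Same hash, different target: the signature no longer matches.
    swapped = good.replace("partner.example", "other.example")
    for name, link in [("signed", good), ("old-style", old), ("modified", swapped)]:
        print(name, "->", resolve_redirect(link))
```

The old-style case shows why previously distributed links break: without a hash there is nothing to verify, so the redirect is refused.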
See also :
Update the affected packages.
Risk factor :