Critical vulnerabilities in TYPO3

In a security bulletin, the developers of TYPO3 have announced that they have found and closed a number of critical vulnerabilities in the TYPO3 content management system. The holes include XSS, SQL injection, redirection and arbitrary code execution vulnerabilities.

TYPO3 administrators are advised to upgrade to versions 4.1.14, 4.2.13, 4.3.4 or 4.4.1, where the issues are fixed. These releases are available from the TYPO3 web site.

See also:

• TYPO3 Security Bulletin TYPO3-SA-2010-012: Multiple vulnerabilities in TYPO3 Core

(djwm)