TYPO3 mm_forum Extension Multiple Security Vulnerabilities
BID:69651
Info
| Bugtraq ID: | 69651 |
| Class: | Input Validation Error |
| CVE: | CVE-2014-6297, CVE-2014-6298, CVE-2014-6299 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 12 2014 12:00AM |
| Updated: | Sep 12 2014 12:24AM |
| Credit: | Michael Knabe and Stano Paska |
| Vulnerable: | Typo3 mm_forum 1.8.3, Typo3 mm_forum 1.8.2 |
| Not Vulnerable: | |
Discussion
TYPO3 mm_forum extension is prone to the following security vulnerabilities:
1. An unspecified cross-site scripting vulnerability.
2. An unspecified arbitrary-code execution vulnerability.
3. An unspecified cross-site request-forgery vulnerability.
An attacker may leverage these issues to perform certain administrative actions, execute arbitrary code, and execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
TYPO3 mm_forum 1.9.2 and earlier versions are vulnerable.
Exploit / POC
An attacker can exploit these issues using a web browser. To exploit the cross-site scripting issue, an attacker must entice an unsuspecting user into following a malicious URI.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.