Bug #22664

closed

XSS in Install tool

Added by Helmut Hummel almost 14 years ago. Updated over 5 years ago.

Status: Closed
Priority: Must have
Assignee:
Category: -
Target version: -
Start date: 2010-05-17
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 4.2
PHP Version: 5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

  • database parameters of the install tool (1: Basic configuration)
  • Parameter TTFdpi when displayed on page (4: Image processing)
  • Parameter im_path_lzw when displayed on page (4: Image processing)
  • Parameter TYPO3_INSTALL[update][changeCompatibilityVersion][version] in (3: Update wizard)

OTRS: 2009092910000029
(issue imported from #M14402)


Files

14402_43.patch (10.6 KB) Administrator Admin, 2010-07-17 17:39
14402_42.patch (11 KB) Administrator Admin, 2010-07-17 17:39
14402_41.patch (11 KB) Administrator Admin, 2010-07-17 17:39
14402_44.patch (9.07 KB) Administrator Admin, 2010-07-17 17:50
14402_trunk.patch (9.07 KB) Administrator Admin, 2010-07-17 17:50
14402_v2_trunk.patch (9.07 KB) Administrator Admin, 2010-12-02 20:14
14402_v2_44.patch (9.07 KB) Administrator Admin, 2010-12-02 20:14
14402_v2_43.patch (10.6 KB) Administrator Admin, 2010-12-02 20:14
14402_v2_42.patch (11 KB) Administrator Admin, 2010-12-02 20:14
14402_45_v3.patch (9.08 KB) Administrator Admin, 2010-12-14 16:14

#1

Updated by Benni Mack over 13 years ago

Hey Sec team,

please give me feedback if I did it right or if I missed something.

I only found these issues in 4.3 and lower. For 4.4 and trunk, only the issues in typo3/sysext/install/updates/class.tx_coreupdates_compatversion.php might apply.

#2

Updated by Benni Mack over 5 years ago

  • Status changed from Resolved to Closed