Rupert Germann

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions 4.5.0 through 4.5.31 TYPO3 versions 4.7.0 through 4.7.16 TYPO3 versions 6.0.0 through 6.0.11 TYPO3 versions 6.1.0 through 6.1.6 **Description** The issue allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature." **Recommendations** For versions 4.5.0 through 4.5.31, update to a version outside of this range to mitigate the risk. For versions 4.7.0 through 4.7.16, update to a version outside of this range to mitigate the risk. For versions 6.0.0 through 6.0.11, update to a version outside of this range to mitigate the risk. For versions 6.1.0 through 6.1.6, update to a version outside of this range to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** TYPO3 Car extension version 0.1.1 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For version 0.1.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TYPO3 File list (dr blob) extension version 2.1.1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For version 2.1.1, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 XDS Staff List (xds staff) extension version 0.0.3 and earlier **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions 0.0.3 and earlier, update to a version later than 0.0.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 extension danp documentdirs versions 1.10.7 and earlier **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions 1.10.7 and earlier, update to a version later than 1.10.7 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Random Prayer 2 (ste prayer2) extension versions 0.0.3 and earlier for TYPO3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions 0.0.3 and earlier, update to a version later than 0.0.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Random Prayer 2 (ste prayer2) extension versions 0.0.3 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For versions 0.0.3 and earlier, update to a version later than 0.0.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 extension pd resources versions 0.1.1 and earlier **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions 0.1.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TYPO3 extension pd resources versions 0.1.1 and earlier **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions 0.1.1 and earlier, update to a version later than 0.1.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Parish of the Holy Spirit Religious Art Gallery (hs religiousartgallery) extension versions 0.1.2 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For versions 0.1.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TYPO3 hs religiousartgallery extension versions 0.1.2 and earlier **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions 0.1.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 extension ste parish admin versions 0.1.3 and earlier **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions 0.1.3 and earlier, update to a version later than 0.1.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 ste parish admin extension versions 0.1.3 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions 0.1.3 and earlier, update to a version later than 0.1.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ListMan (nl listman) extension version 1.2.1 for TYPO3 **Description** The issue is related to a cross-site scripting (XSS) vulnerability, which allows remote attackers to inject arbitrary web script or HTML. This can be achieved via unspecified vectors, potentially affecting the security of the system. **Recommendations** For ListMan (nl listman) extension version 1.2.1, consider disabling the extension until a patch is available to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** TYPO3 Watchdog (aba watchdog) extension version 2.0.2 and earlier **Description** The issue allows remote attackers to obtain sensitive information. The exact attack vectors are not specified. **Recommendations** For versions 2.0.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Flash SlideShow (slideshow) extension version 0.2.2 for TYPO3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For Flash SlideShow (slideshow) extension version 0.2.2, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 Subscription (mf subscription) extension version 0.2.2 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For version 0.2.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No indexed Search (no indexed search) extension version 0.2.0 for TYPO3 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. **Recommendations** For No indexed Search (no indexed search) extension version 0.2.0, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 No indexed Search (no indexed search) extension version 0.2.0 **Description** A SQL injection issue in the No indexed Search extension for TYPO3 allows remote attackers to execute arbitrary SQL commands. **Recommendations** For version 0.2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TYPO3 Job Exchange (jobexchange) extension version 0.0.3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For version 0.0.3, update to a newer version that contains a fix for this issue.