Bernhard Kraft

Name of the Vulnerable Software and Affected Versions: TYPO3 Direct Mail extension versions prior to 3.1.2 Description: The issue allows remote attackers to obtain sensitive information due to improper checking of authentication codes. Recommendations: For versions prior to 3.1.2, update to version 3.1.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions 4.5.0 through 4.5.31 TYPO3 versions 4.7.0 through 4.7.16 TYPO3 versions 6.0.0 through 6.0.11 **Description** The issue in the creating record functionality of the Extension table administration library allows remote attackers to write to arbitrary fields in the configuration database table via crafted links. This is related to a "Mass Assignment" issue. **Recommendations** For versions 4.5.0 through 4.5.31, update to a version outside of this range to resolve the issue. For versions 4.7.0 through 4.7.16, update to a version outside of this range to resolve the issue. For versions 6.0.0 through 6.0.11, update to a version outside of this range to resolve the issue.