Thomas Deuling

**Name of the Vulnerable Software and Affected Versions** TYPO3 Extension "Modules" versions prior to 4.3.11 TYPO3 Extension "Modules" versions 5.0.0 through 5.7.3 TYPO3 Extension "Modules" versions 6.0.0 through 6.4.1 TYPO3 Extension "Modules" versions 7.0.0 through 7.5.4 **Description** An improper authentication issue exists in the TYPO3 Extension "Modules". The issue relates to authentication mechanisms within the extension. **Recommendations** Update TYPO3 Extension "Modules" to version 4.3.11 or later. Update TYPO3 Extension "Modules" to version 5.7.4 or later. Update TYPO3 Extension "Modules" to version 6.4.2 or later. Update TYPO3 Extension "Modules" to version 7.5.5 or later.

**Name of the Vulnerable Software and Affected Versions** view statistics extension versions prior to 2.0.1 for TYPO3 **Description** An issue in the view statistics extension saves all GET and POST data of TYPO3 frontend requests to the database. Depending on the extensions used on a TYPO3 website, sensitive data, such as cleartext passwords if ext:felogin is installed, may be saved. **Recommendations** For versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider disabling the view statistics extension until a patch is available. Restrict access to sensitive data and consider removing any saved sensitive information from the database.