CVE-2009-0257

Name of the Vulnerable Software and Affected Versions TYPO3 versions 4.0.0 through 4.0.9 TYPO3 versions 4.1.0 through 4.1.7 TYPO3 versions 4.2.0 through 4.2.3

Description The issue allows remote attackers to inject arbitrary web script or HTML via the name and content of indexed files to the Indexed Search Engine system extension, unspecified test scripts in the ADOdb system extension, and unspecified vectors in the Workspace module. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of the vulnerabilities can be carried out remotely.

Recommendations For versions 4.0.0 through 4.0.9, consider disabling the Indexed Search Engine system extension and restricting access to the ADOdb system extension until a patch is available. For versions 4.1.0 through 4.1.7, restrict access to the Workspace module and avoid using the name and content variables in the Indexed Search Engine system extension until the issue is resolved. For versions 4.2.0 through 4.2.3, as a temporary workaround, consider disabling the unspecified test scripts in the ADOdb system extension until a patch is available.