Allele Security Alert
ASA-2019-00586
Identifier(s)
ASA-2019-00586, CVE-2019-16682, EXT-SA-2019-015
Title
SQL Injection
Vendor(s)
Stefan Froemken
Product(s)
TYPO3 extension URL redirect (url_redirect)
Affected version(s)
TYPO3 extension URL redirect (url_redirect) versions before 1.2.2
Fixed version(s)
TYPO3 extension URL redirect (url_redirect) version 1.2.2
Proof of concept
Unknown
Description
The extension fails to properly sanitize user input and is susceptible to SQL Injection.
Technical details
Unknown
Credits
Daniel Goerz
Reference(s)
SQL Injection in extension “URL redirect” (url_redirect)
https://typo3.org/security/advisory/typo3-ext-sa-2019-015/
URL redirect (url_redirect)
https://extensions.typo3.org/extension/url_redirect/
[TYPO3-announce] [Ticket#201910155760000011] Vulnerabilities in multiple third party TYPO3 CMS extensions
http://lists.typo3.org/pipermail/typo3-announce/2019/000452.html
CVE-2019-16682
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16682
CVE-2019-16682
https://nvd.nist.gov/vuln/detail/CVE-2019-16682
If there is any error in this alert, or if you would like a comprehensive analysis, let us know.
Last modified: October 22, 2019