Critical security issue in Typo3 core – all versions
A very serious security issue has been discovered in Typo3 core, all versions including 4.2.5 are affected. According to some this is the most critical security breach in Typo3 ever discovered. The vulnerability allows attackers to “download the contents of any file on the server, i.e. typo3conf/localconf.php, which holds both install tool password alongside database username and password“.
There is a fix, Typo3 version 4.2.6. which is available as of today. And there are also other solutions and patches, read carefully the security bulletin and fix your Typo3 installation if you care for your files, passwords and other data on your webserver.
Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my feed and get articles like this delivered automatically to your feed reader.
Comments
No comments yet.
Sorry, the comment form is closed at this time.