TYPO3-EXT-SA-2012-001: Several Vulnerabilities in Third-Party Extensions

Key Information:

Release Date: February 2, 2012
Vulnerable Extensions: css_filelinks, terminal, beuserswitch, rtg_files, irfaq, skt_eurocalc, jftcaforms, bc_post2facebook, aeurltool, mv_cooking, toi_category, ajado_facebook

Summary of Vulnerabilities:

Vulnerability Types: SQL Injection, Cross-Site Scripting, Information Disclosure, Arbitrary Code Execution

Affected Extensions with Solutions:

1. mv_cooking
   - Affected Versions: 0.4.0 and all versions below
   - Vulnerability: SQL Injection
   - Severity: Critical
   - Solution: Update to version 0.4.1 or later.

2. toi_category
   - Affected Versions: 0.6.0 and all versions below
   - Vulnerabilities: SQL Injection, Cross-Site Scripting
   - Severity: Critical

3. mm_whttppr
   - Affected Versions: 0.0.4 and all versions below
   - Vulnerability: SQL Injection
   - Severity: Critical

4. rtg_files
   - Affected Versions: 1.5.1 and all versions below
   - Vulnerabilities: Cross-Site Scripting, SQL Injection
   - Severity: High

5. bc_post2facebook
   - Affected Versions: 0.2.1 and all versions below
   - Vulnerabilities: Cross-Site Scripting, SQL Injection
   - Severity: High

6. systuils
   - Affected Versions: 1.0.3 and all versions below
   - Vulnerability: Information Disclosure
   - Severity: High

7. typo3_webservice
   - Affected Versions: 0.3.7 and all versions below
   - Vulnerability: Arbitrary Code Execution
   - Severity: High

...

General Advice: Follow the TYPO3 Security Guide. Subscribe to the typo3-announce mailing list for future Security Bulletins.