Wed. 11th June, 2008
It has been discovered that the default value of the TYPO3 configuration variable fileDenyPattern allows arbitrary code execution on Apache web servers. Besides that, the library fe_adminlib.inc allows Cross Site Scripting (XSS).
This is a companion discussion topic for the original entry at https://typo3.org/article/typo3-20080611-1