Wed. 25th September, 2013
It has been discovered that the extension "RealURL: speaking paths for TYPO3" (realurl) is vulnerable to SQL-Injection.
This is a companion discussion topic for the original entry at https://typo3.org/article/sql-injection-vulnerability-in-extension-realurl-speaking-paths-for-typo3-realurl/