TYPO3 Security Bulletin

Mon. 14th November, 2005

Under special circumstances, setting config.baseURL (see typo3.org/documentation/document-library/doc_core_tsref/quot_CONFIG_quot/ ) to a numeric value ("1") could be used to spoof a malicious baseURL into your TYPO3 cache. It has now been decided to technically prevent this misconfiguration.

This is a companion discussion topic for the original entry at https://typo3.org/article/typo3-security-bulletin-24/