Mon. 10th October, 2005
A bug has been discovered in the "Front End News Submitter" (fe_news) where SQL injection is not safely prevented and thus malicious SQL commands are potentially possible. Since the RTE enabled version (fe_rtenews) is derived from fe_news, it is affected as well.
This is a companion discussion topic for the original entry at https://typo3.org/article/typo3-security-bulletin-30/