TYPO3 Security Bulletin

Mon. 10th October, 2005

A bug has been discovered in the "Front End News Submitter" (fe_news) where SQL injection is not safely prevented and thus malicious SQL commands are potentially possible. Since the RTE enabled version (fe_rtenews) is derived from fe_news, it is affected as well.

This is a companion discussion topic for the original entry at https://typo3.org/article/typo3-20051010-10