=====================================================================
                                    CERT-Renater

                         Information Note No. 2008/VULN159
_____________________________________________________________________

DATE                      : 06/05/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : TYPO3 installations running the MailformPlus
                            (th_mailformplus) extension.

======================================================================
http://typo3.org/teams/security/security-bulletins/typo3-20080505-1/
______________________________________________________________________

TYPO3 Security Bulletin TYPO3-20080505-1: Multiple vulnerabilities in
extension MailformPlus (th_mailformplus)

Component Type: Third party extension. This extension is not part of
the TYPO3 default installation.

Affected Versions: Version 4.0.3 and below

Vulnerability Type: Cross Site Scripting, Remote Code Execution

Severity: HIGH

Problem Description: Because the extension fails to filter user input, it
is susceptible to Cross Site Scripting (XSS), allowing an attacker to
execute arbitrary JavaScript in the browser of a user who views the
affected page. When upload forms are used with this extension,
insufficient file filtering makes it possible to upload and execute
arbitrary PHP script code on the server.
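The two weakness classes named above, shown as an added illustration that
is not code from th_mailformplus or TYPO3: an unescaped output path beside
its escaped form, and a denylist-style upload check (the usual
"insufficient file filtering") beside an allowlist check. All function
names, the allowlist contents and the probe inputs are hypothetical.

```php
<?php
// Added illustration only; not the extension's code. Names are hypothetical.

// 1. XSS: reflecting a submitted field into the page without escaping.
function render_field_unsafe(string $value): string
{
    return "<p>Thank you, $value</p>";           // <script> in $value runs
}

function render_field_safe(string $value): string
{
    // ENT_QUOTES escapes both quote styles, so the value is also safe inside
    // attribute values; the charset must match the page's encoding.
    return '<p>Thank you, ' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '</p>';
}

// 2. Upload filtering. A denylist of "dangerous" extensions is the typical
// insufficient check: it misses alternate PHP extensions (.phtml, .php5)
// and double extensions such as shell.php.jpg, which Apache may still hand
// to the PHP handler when AddHandler is used and a .php part is present.
function upload_allowed_denylist(string $filename): bool
{
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return !in_array($ext, ['php', 'exe'], true);
}

// Allowlist: every dotted part after the base name must be in a fixed set of
// non-executable types. The client-supplied MIME type is not consulted
// because it is attacker-controlled.
function upload_allowed_allowlist(string $filename): bool
{
    $allowed = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];
    $parts = explode('.', strtolower(basename($filename)));
    if (count($parts) < 2) {
        return false;                             // no extension at all
    }
    array_shift($parts);                          // drop the base name
    foreach ($parts as $ext) {
        if (!in_array($ext, $allowed, true)) {
            return false;                         // shell.php.jpg, shell.phtml, ...
        }
    }
    return true;
}

// Name under which an accepted file is stored: random, keeping only the
// final (already allowlisted) extension, so the attacker-chosen name never
// reaches disk.
function stored_name(string $filename): string
{
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed probe inputs.
echo render_field_safe('<script>alert(1)</script>'), "\n";

foreach (['photo.jpg', 'shell.php', 'shell.phtml', 'shell.php.jpg', 'shell.php5', 'noext'] as $name) {
    printf("%-14s denylist=%s allowlist=%s\n", $name,
        upload_allowed_denylist($name) ? 'accept' : 'reject',
        upload_allowed_allowlist($name) ? 'accept' : 'reject');
}
```

The allowlist check is only one layer: the upload directory should
additionally sit outside the web root or have script execution disabled
in the web server configuration, so that a file which slips through the
name check still cannot be executed.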

Solution: An updated version is available from the TYPO3 extension 
manager and at 
http://typo3.org/extensions/repository/view/th_mailformplus/4.0.4/.

At the time of writing, the most recent version of MailformPlus is
version 4.0.7 which is available at 
http://typo3.org/extensions/repository/view/th_mailformplus/4.0.7/.

General advice: Follow the recommendations that are given in the TYPO3
Security Cookbook. Please subscribe to the typo3-announce mailing list
to receive future Security Bulletins via E-mail.

Credits: Credits go to security team member Marcus Krause, who
discovered the issue. The TYPO3 Security Team also wishes to thank
Typoheads GmbH, who fixed the issues quickly after being informed of
their presence by the TYPO3 Security Team.


======================================================================

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================
