Vulnerabilities reported in Typo3 (CVE-2010-3604)

Typo3 is a well-known CMS built in PHP. A customer asked us to audit the code and try to find vulnerabilities in the CMS core and in some of its extensions. We reported several vulnerabilities to the Typo3 security team. Some of them were published in a security bulletin, while others had already been reported but were not published at the time.