Contact Ameccaz if you need a Proof Of Concept
dmmjobcontrol is a TYPO3 extension for showing jobs ("vacancies") on your website. It provides list and detail views and the ability to search and apply for jobs. It can even generate RSS feeds of your job list.

Vulnerability description:

1) Unauthenticated Blind SQL Injection

dmmjobcontrol provides a search function for the job database. Several input fields (for example education, region, sector) are used without proper sanitization to create the SELECT statement of the search query.

2) Reflected Cross Site Scripting (XSS)

The value of the "keyword" parameter is used without any sanitization to create the HTML response of the search request. This can be abused to inject malicious HTML/JavaScript code into the HTML response.
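
How a search handler can avoid both issues, shown as an added example that is not dmmjobcontrol's own code: the filter fields are reduced to integer IDs and bound as parameters, and the keyword is HTML-encoded before it is reflected. The table, column and request-key names, the function names and the sample request are assumptions made for the example; the demo at the end needs the pdo_sqlite extension.

```php
<?php
// Added example. Table, column and request-key names are assumptions,
// not taken from dmmjobcontrol's source. Demo needs the pdo_sqlite extension.
const FILTER_COLUMNS = ['education', 'region', 'sector'];

/** Build the search SELECT with placeholders; returns [sql, params]. */
function buildJobSearch(array $input): array
{
    $where = ['1=1'];
    $params = [];
    foreach (FILTER_COLUMNS as $col) { // column names come only from the allowlist
        // Accept only digit-only strings (record IDs); drop everything else.
        $ids = array_filter((array)($input[$col] ?? []),
            static fn($v) => is_string($v) && ctype_digit($v));
        if ($ids === []) {
            continue;
        }
        $where[] = $col . ' IN (' . implode(',', array_fill(0, count($ids), '?')) . ')';
        array_push($params, ...array_map('intval', array_values($ids)));
    }
    $keyword = is_string($input['keyword'] ?? null) ? trim($input['keyword']) : '';
    if ($keyword !== '') {
        $where[] = 'title LIKE ?';
        $params[] = '%' . $keyword . '%';
    }
    return ['SELECT uid, title FROM jobs WHERE ' . implode(' AND ', $where), $params];
}

/** Encode the reflected keyword for an HTML text context. */
function renderSearchHeader(string $keyword): string
{
    return '<p>Results for: '
        . htmlspecialchars($keyword, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// Constructed request: one valid ID, one non-numeric value, markup in the keyword.
$request = ['region' => ['3', '3 OR 1=1'], 'keyword' => '<b>dev</b>'];
[$sql, $params] = buildJobSearch($request);

$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE jobs (uid INTEGER, title TEXT, education INTEGER, region INTEGER, sector INTEGER)');
$pdo->exec("INSERT INTO jobs VALUES (1, 'Senior <b>dev</b>', 1, 3, 2), (2, 'Clerk', 1, 4, 2)");
$stmt = $pdo->prepare($sql);
$stmt->execute($params);

echo $sql, "\n", renderSearchHeader($request['keyword']), "\n";
print_r($stmt->fetchAll(PDO::FETCH_ASSOC));
```

The non-numeric region value never reaches the statement, and the keyword travels to the database only as a bound parameter and to the page only in encoded form.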

If your system is configured with an email client (Microsoft Outlook), please fill in the form below; alternatively, you can send an email to info@ameccaz.com