Read the official Contao announcements.
TYPOlight 2.4.7 is available
by Leo Feyer – Announcements
TYPOlight version 2.4.7 is available. The new build includes an important security fix in the back end preview script, therefore you should make sure to update your installation.
What shall I do to fix the security hole?
Upgrade your TYPOlight installation to the latest version (2.4.7) which includes a patch. You can either use the TYPOlight live update or download the files from github.com.
Is it likely that my installation has been hacked?
It is very unlikely that your installation has been hacked before the security hole has been made public on October 11th. Unfortunately, there is pretty detailed description how to exploit the security hole on secunia.com, so if you have not updated your installation on October 11th, it is possible that somebody has tried to hack your installation.
What shall I do if my installation has been hacked?
If you believe that somebody has hacked your website, you should at least change your database password. If you are using FTP to modify files (safe mode hack), you should also change your FTP password and if you are using SMTP to send e-mails, you should also change the SMTP password.
Download this release from github.com.