In2Code Powermail vulnerabilities
10 known vulnerabilities affecting in2code/powermail.
Total CVEs
10
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH4MEDIUM4LOW1
Vulnerabilities
Page 1 of 1
CVE-2024-45233P2CRITICALCVSS 9.8fixed in 7.5.0≥ 8.0.0, < 8.5.0+2 more2024-08-29
CVE-2024-45233 [CRITICAL] CWE-284 CVE-2024-45233: An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the Outp
An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the configuration of the Powermail Frontend plugins, an unauthenticated attacker can exploit this to ed
ghsanvdosv
CVE-2024-47047P3HIGHCVSS 7.5≤ 7.5.0≥ 8.0.0, ≤ 8.5.0+2 more2024-09-17
CVE-2024-47047 [HIGH] CWE-639 CVE-2024-47047: An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate th
An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms persisted by the extension. The fixed versions are 7.
ghsanvdosv
CVE-2014-3947P3HIGH≥ 0, < 1.6.11≥ 2.0.0, < 2.0.142022-05-17
CVE-2014-3947 [HIGH] CWE-94 TYPO3 powermail extension has unrestricted file upload vulnerability
TYPO3 powermail extension has unrestricted file upload vulnerability
Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with a crafted extension, then accessing it via unspecified vectors.
ghsaosv
CVE-2014-6288P3MEDIUM≥ 2.0.0, < 2.0.112022-05-17
CVE-2014-6288 [MEDIUM] CWE-287 TYPO3 powermail extension allows remote attackers to bypass CAPTCHA protection mechanism
TYPO3 powermail extension allows remote attackers to bypass CAPTCHA protection mechanism
The powermail extension 2.x before 2.0.11 for TYPO3 allows remote attackers to bypass the CAPTCHA protection mechanism via unspecified vectors.
ghsaosv
CVE-2025-7899P3MEDIUM≥ 12.0.0, < 12.5.3≥ 13.0.0, < 13.0.12025-07-22
CVE-2025-7899 [MEDIUM] CWE-639 Powermail extension for TYPO3 allows Insecure Direct Object Reference
Powermail extension for TYPO3 allows Insecure Direct Object Reference
The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects powermail version 12.0.0 up to 12.5.2 and version 13.0.0.
ghsaosv
CVE-2010-3604P3HIGH≥ 0, < 1.5.42022-05-17
CVE-2010-3604 [HIGH] CWE-89 powermail extension for TYPO3 vulnerable to SQL Injection
powermail extension for TYPO3 vulnerable to SQL Injection
SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
ghsaosv
CVE-2010-0329P3HIGH≥ 0, < 1.5.22022-05-02
CVE-2010-0329 [HIGH] CWE-89 TYPO3 powermail Extension Vulnerable to SQL Injection via Unspecified Vectors
TYPO3 powermail Extension Vulnerable to SQL Injection via Unspecified Vectors
SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the "SQL selection field" and "typoscript."
ghsaosv
CVE-2024-45232P4MEDIUMCVSS 5.3fixed in 7.5.0≥ 8.0.0, < 8.5.0+2 more2024-08-29
CVE-2024-45232 [MEDIUM] CWE-639 CVE-2024-45232: An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the ma
An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the extension. This can only be exploited when the exte
ghsanvdosv
CVE-2008-2182P4MEDIUMCVSS 4.3fixed in 1.1.102008-05-13
CVE-2008-2182 [MEDIUM] CWE-79 CVE-2008-2182: Cross-site scripting (XSS) vulnerability in the powermail extension before 1.1.10 for TYPO3 allows r
Cross-site scripting (XSS) vulnerability in the powermail extension before 1.1.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2012-5889P4LOW≥ 0, < 1.6.52022-05-17
CVE-2012-5889 [LOW] CWE-79 powermail extension for TYPO3 has Cross-site Scripting vulnerability
powermail extension for TYPO3 has Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
ghsaosv