cbcvebase.

In2Code Powermail vulnerabilities

10 known vulnerabilities affecting in2code/powermail.

Total CVEs
10
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH4MEDIUM4LOW1

Vulnerabilities

Page 1 of 1
CVE-2024-45233P2CRITICALCVSS 9.8fixed in 7.5.0≥ 8.0.0, < 8.5.0+2 more2024-08-29
CVE-2024-45233 [CRITICAL] CWE-284 CVE-2024-45233: An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the Outp An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the configuration of the Powermail Frontend plugins, an unauthenticated attacker can exploit this to ed
ghsanvdosv
CVE-2024-47047P3HIGHCVSS 7.5≤ 7.5.0≥ 8.0.0, ≤ 8.5.0+2 more2024-09-17
CVE-2024-47047 [HIGH] CWE-639 CVE-2024-47047: An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate th An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms persisted by the extension. The fixed versions are 7.
ghsanvdosv
CVE-2014-3947P3HIGH≥ 0, < 1.6.11≥ 2.0.0, < 2.0.142022-05-17
CVE-2014-3947 [HIGH] CWE-94 TYPO3 powermail extension has unrestricted file upload vulnerability TYPO3 powermail extension has unrestricted file upload vulnerability Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with a crafted extension, then accessing it via unspecified vectors.
ghsaosv
CVE-2014-6288P3MEDIUM≥ 2.0.0, < 2.0.112022-05-17
CVE-2014-6288 [MEDIUM] CWE-287 TYPO3 powermail extension allows remote attackers to bypass CAPTCHA protection mechanism TYPO3 powermail extension allows remote attackers to bypass CAPTCHA protection mechanism The powermail extension 2.x before 2.0.11 for TYPO3 allows remote attackers to bypass the CAPTCHA protection mechanism via unspecified vectors.
ghsaosv
CVE-2025-7899P3MEDIUM≥ 12.0.0, < 12.5.3≥ 13.0.0, < 13.0.12025-07-22
CVE-2025-7899 [MEDIUM] CWE-639 Powermail extension for TYPO3 allows Insecure Direct Object Reference Powermail extension for TYPO3 allows Insecure Direct Object Reference The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects powermail version 12.0.0 up to 12.5.2 and version 13.0.0.
ghsaosv
CVE-2010-3604P3HIGH≥ 0, < 1.5.42022-05-17
CVE-2010-3604 [HIGH] CWE-89 powermail extension for TYPO3 vulnerable to SQL Injection powermail extension for TYPO3 vulnerable to SQL Injection SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
ghsaosv
CVE-2010-0329P3HIGH≥ 0, < 1.5.22022-05-02
CVE-2010-0329 [HIGH] CWE-89 TYPO3 powermail Extension Vulnerable to SQL Injection via Unspecified Vectors TYPO3 powermail Extension Vulnerable to SQL Injection via Unspecified Vectors SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the "SQL selection field" and "typoscript."
ghsaosv
CVE-2024-45232P4MEDIUMCVSS 5.3fixed in 7.5.0≥ 8.0.0, < 8.5.0+2 more2024-08-29
CVE-2024-45232 [MEDIUM] CWE-639 CVE-2024-45232: An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the ma An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the extension. This can only be exploited when the exte
ghsanvdosv
CVE-2008-2182P4MEDIUMCVSS 4.3fixed in 1.1.102008-05-13
CVE-2008-2182 [MEDIUM] CWE-79 CVE-2008-2182: Cross-site scripting (XSS) vulnerability in the powermail extension before 1.1.10 for TYPO3 allows r Cross-site scripting (XSS) vulnerability in the powermail extension before 1.1.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2012-5889P4LOW≥ 0, < 1.6.52022-05-17
CVE-2012-5889 [LOW] CWE-79 powermail extension for TYPO3 has Cross-site Scripting vulnerability powermail extension for TYPO3 has Cross-site Scripting vulnerability Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
ghsaosv
In2Code Powermail vulnerabilities | cvebase