An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the configuration of the Powermail Frontend plugins, an unauthenticated attacker can exploit this to edit, update, delete, or export data of persisted forms. This can only be exploited when the Powermail Frontend plugins are used. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0.
References
Link | Resource |
---|---|
https://typo3.org/security/advisory/typo3-ext-sa-2024-006 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
30 Aug 2024, 16:33
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other | |
References | () https://typo3.org/security/advisory/typo3-ext-sa-2024-006 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:in2code:powermail:*:*:*:*:*:typo3:*:* | |
First Time |
In2code
In2code powermail |
29 Aug 2024, 20:36
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.3 |
CWE | CWE-284 |
29 Aug 2024, 13:25
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
29 Aug 2024, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-29 00:15
Updated : 2024-08-30 16:33
NVD link : CVE-2024-45233
Mitre link : CVE-2024-45233
CVE.ORG link : CVE-2024-45233
JSON object : View
Products Affected
in2code
- powermail
CWE