Lucene search
MitreCVELIST:CVE-2024-45232HistoryAug 28, 2024 - 12:00 a.m.
CVE-2024-45232
2024-08-2800:00:00
mitre
www.cve.org
typo3
powermail extension
insecure direct object reference
unauthenticated attacker
user-submitted data
EPSS
0.001
Percentile
17.7%
An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the extension. This can only be exploited when the extension is configured to save submitted form data to the database (plugin.tx_powermail.settings.db.enable=1), which however is the default setting of the extension. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0
Related
github
github
"powermail" (powermail) Insecure Direct Object Reference (IDOR)
2024-08-29 17:59:02
cve
cve
CVE-2024-45232
2024-08-29 00:15:09
friendsofphp
friendsofphp
TYPO3-EXT-SA-2024-006: Multiple vulnerabilities in "powermail" (powermail)
2024-08-27 06:55:00
vulnrichment
vulnrichment
CVE-2024-45232
2024-08-28 00:00:00
osv
osv
"powermail" (powermail) Insecure Direct Object Reference (IDOR)
2024-08-29 17:59:02
veracode
veracode
Insecure Direct Object Reference (IDOR)
2024-08-30 07:37:03
nvd
nvd
CVE-2024-45232
2024-08-29 00:15:09