Lucene search
MitreCVELIST:CVE-2024-45233HistoryAug 28, 2024 - 12:00 a.m.
CVE-2024-45233
2024-08-2800:00:00
mitre
www.cve.org
access control vulnerability
powermail extension
typo3
unauthenticated attackers
form data manipulation
EPSS
0.001
Percentile
39.6%
An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the configuration of the Powermail Frontend plugins, an unauthenticated attacker can exploit this to edit, update, delete, or export data of persisted forms. This can only be exploited when the Powermail Frontend plugins are used. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0.
Related
github
github
Powermail TYPO3 extension Broken Access Control in the OutputController
2024-08-29 00:31:35
veracode
veracode
Broken Access Control
2024-08-30 07:26:08
vulnrichment
vulnrichment
CVE-2024-45233
2024-08-28 00:00:00
cve
cve
CVE-2024-45233
2024-08-29 00:15:09
osv
osv
Powermail TYPO3 extension Broken Access Control in the OutputController
2024-08-29 00:31:35
nvd
nvd
CVE-2024-45233
2024-08-29 00:15:09