
CVE-2024-47047

Published: 2024-09-17 00:00:00
Source: mitre (www.cve.org)

EPSS: 0.001
Percentile: 37.7%

An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms persisted by the extension. The fixed versions are 7.5.1, 8.5.1, 10.9.1, and 12.4.1.
