Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2024-47047
HistorySep 17, 2024 - 12:00 a.m.

CVE-2024-47047

2024-09-1700:00:00
mitre
www.cve.org
1
typo3
powermail
extension
vulnerability
unauthenticated
attacker
user-submitted
data
forms

EPSS

0.001

Percentile

37.7%

JSON

An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms persisted by the extension. The fixed versions are 7.5.1, 8.5.1, 10.9.1, and 12.4.1.

Related

github 1
nvd 1
friendsofphp 1
osv 1
vulnrichment 1
cve 1
github
github
powermail TYPO3 extension has Insecure Direct Object Reference
2024-09-17 15:31:23
nvd
nvd
CVE-2024-47047
2024-09-17 14:15:17
friendsofphp
friendsofphp
TYPO3-EXT-SA-2024-007: Insecure Direct Object Reference in extension "powermail" (powermail)
2024-09-17 08:41:00
osv
osv
powermail TYPO3 extension has Insecure Direct Object Reference
2024-09-17 15:31:23
vulnrichment
vulnrichment
CVE-2024-47047
2024-09-17 00:00:00
cve
cve
CVE-2024-47047
2024-09-17 14:15:17

EPSS

0.001

Percentile

37.7%

JSON
Related for CVELIST:CVE-2024-47047
github1nvd1friendsofphp1osv1vulnrichment1cve1