CVE-2024-45232

An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference IDOR. An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the...

PT-2024-31490 · Typo3 · Powermail

Name of the Vulnerable Software and Affected Versions: powermail extension versions prior to 7.5.0 powermail extension versions prior to 8.5.0 powermail extension versions prior to 10.9.0 powermail extension versions prior to 12.4.0 Description: An issue was discovered in the powermail extension...