3 matches found
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the downloadFile function in the ModuleController.php file, which fails to validate the query parameter file. An authenticated attacker with access to the backend module can access...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass due to the improper validation of the mail parameter in the createAction process. An unauthenticated attacker can display user-submitted data of all forms persisted by the extension. Note This vulnerability can onl...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the file upload functionality. An attacker can execute arbitrary code by uploading a file with a crafted extension and then accessing it through unspecified vectors. Remediation Upgrade in2code/powermail to...