4 matches found

RedhatCVE
added 2025/07/24 10:22 a.m. · 13 views

CVE-2025-7899

The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects powermail version 12.0.0 up to 12.5.2 and version 13.0.0...

CVSS: 6 · AI score: 6.5 · EPSS: 0.0027
Exploits: 0 · References: 1

Veracode
added 2024/09/19 6:58 a.m. · 5 views

Insecure Direct Object Reference (IDOR)

in2code/powermail is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is caused by improper validation of the mail parameter in the createAction function, which allows an unauthenticated attacker to access user-submitted data from all forms handled by the extension...

CVSS: 7.5 · AI score: 6.7 · EPSS: 0.00536
Exploits: 0 · References: 6 · Affected Software: 1

Positive Technologies
added 2024/08/28 12:00 a.m. · 4 views

PT-2024-31490 · Typo3 · Powermail

Name of the Vulnerable Software and Affected Versions:
powermail extension versions prior to 7.5.0
powermail extension versions prior to 8.5.0
powermail extension versions prior to 10.9.0
powermail extension versions prior to 12.4.0

Description: An issue was discovered in the powermail extension...

CVSS: 7.3 · AI score: 7.2 · EPSS: 0.0022
Exploits: 0 · References: 13

Github Security Blog
added 2022/05/17 4:31 a.m. · 20 views

TYPO3 powermail extension allows remote attackers to bypass CAPTCHA protection mechanism

The powermail extension 2.x before 2.0.11 for TYPO3 allows remote attackers to bypass the CAPTCHA protection mechanism via unspecified vectors...

CVSS: 7.5 · AI score: 7 · EPSS: 0.00137
Exploits: 0 · References: 4 · Affected Software: 1