Lucene search
MitreVULNRICHMENT:CVE-2024-47047HistorySep 17, 2024 - 12:00 a.m.
CVE-2024-47047
2024-09-1700:00:00
mitre
github.com
typo3
powermail extension
idor
insecure direct object reference
unauthenticated
vulnerability
AI Score
7
Confidence
High
EPSS
0.001
Percentile
37.7%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms persisted by the extension. The fixed versions are 7.5.1, 8.5.1, 10.9.1, and 12.4.1.
Related
github
github
powermail TYPO3 extension has Insecure Direct Object Reference
2024-09-17 15:31:23
friendsofphp
friendsofphp
osv
osv
powermail TYPO3 extension has Insecure Direct Object Reference
2024-09-17 15:31:23
cvelist
cvelist
CVE-2024-47047
2024-09-17 00:00:00
nvd
nvd
CVE-2024-47047
2024-09-17 14:15:17
cve
cve
CVE-2024-47047
2024-09-17 14:15:17
AI Score
7
Confidence
High
EPSS
0.001
Percentile
37.7%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-47047