in2code/powermail
Packagist
9 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting in2code/powermail
- CVE-2010-0329 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 1.5.2 | 2010-01-15
SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the "SQL selection field" and "typoscript."
- CVE-2010-3604 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 1.5.4 | 2010-09-24
SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2012-5889 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 1.6.5 | 2012-11-17
Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2014-3947 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 2.0.14 | 2014-10-03
Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with a crafted extension, then accessing it via unspecifi…
- CVE-2014-6288 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 2.0.11 | 2014-10-03
The powermail extension 2.x before 2.0.11 for TYPO3 allows remote attackers to bypass the CAPTCHA protection mechanism via unspecified vectors.
- CVE-2024-45232 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 7.5.0 | 2024-08-29
vulnerable: 3.10.0 ... 7.4.4 (65 versions)
An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to d…
- CVE-2024-45233 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 12.4.0 | 2024-08-29
vulnerable: 11.0.0 ... 12.3.5 (18 versions)
An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depend…
- CVE-2024-47047 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 12.4.1 | 2024-09-17
vulnerable: 12.0.0 ... 12.4.0 (15 versions)
An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some configurations. An unauthenticated attac…
- CVE-2025-7899 | MEDIUM | CVSS 6.0 | EG 0.0 | ✓ Fixed in 13.0.1 | 2025-07-22
vulnerable: 13.0.0
The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects powermail version 12.0.0 up to 12.5.2 and version 13.0.0