Home > Vulnerability Database > CVE-2024-45233

Mend.io Vulnerability Database

CVE-2024-45233

Good to know:

Date: August 27, 2024

An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the configuration of the Powermail Frontend plugins, an unauthenticated attacker can exploit this to edit, update, delete, or export data of persisted forms. This can only be exploited when the Powermail Frontend plugins are used. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0.

Language: PHP

Severity Score

9.8

Related Resources (8)

Url: https://github.com/in2code-de/powermail/commit/f56f8eefe151ad67cbd32c21f1106953b8e4f19f

Url: https://typo3.org/security/advisory/typo3-ext-sa-2024-006

Url: https://github.com/in2code-de/powermail/commit/6e94ec5e0c7b553c467b826df1b922db6c2ad08e

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-45233

Url: https://github.com/in2code-de/powermail/commit/04a010c4009202e8e1b4c72accd4d7b2771b80b3

Url: https://github.com/in2code-de/powermail/commit/2c8a1bf7669eb0661e8a93164f57e4b653ac3408

Url: https://github.com/in2code-de/powermail

Url: https://www.mend.io/vulnerability-database/CVE-2024-45233

Severity Score

9.8

Weakness Type (CWE)

Improper Access Control

CWE-284

Improper Authorization

CWE-285

Top Fix

Upgrade Version

Upgrade to version in2code/powermail-7.5.0,8.5.0,10.9.0,12.4.0

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-45233

Good to know:

Date: August 27, 2024

Language: PHP

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?