CVE-2024-45233

NVD Published Date: August 29, 2024 at 12:15 AM
NVD Last Modified: August 30, 2024 at 04:33 PM
Vulnerability ID: CVE-2024-45233
Severity: CRITICAL
Severity Score: 9.8
Summary: An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the configuration of the Powermail Frontend plugins, an unauthenticated attacker can exploit this to edit, update, delete, or export data of persisted forms. This can only be exploited when the Powermail Frontend plugins are used. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0.
Mitigation and Patches: -
Exploits: -
Metasploit Payload: -
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE ID: NVD-CWE-Other
