CVE-2010-0329 – in2code/powermail

Package

Manager: composer
Name: in2code/powermail
Vulnerable Version: >=0 <1.5.2

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

EPSS: 0.00397 pctl0.59747

Details

TYPO3 powermail Extension Vulnerable to SQL Injection via Unspecified Vectors SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the "SQL selection field" and "typoscript."

Metadata

Created: 2022-05-02T06:11:45Z
Modified: 2025-04-10T12:23:11Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mgw4-gv3f-g57j/GHSA-mgw4-gv3f-g57j.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-mgw4-gv3f-g57j
Finding: F297
Auto approve: 1