CVE-2010-3604 – in2code/powermail

Package

Manager: composer
Name: in2code/powermail
Vulnerable Version: >=0 <1.5.4

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

EPSS: 0.00413 pctl0.60719

Details

powermail extension for TYPO3 vulnerable to SQL Injection SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Metadata

Created: 2022-05-17T05:48:05Z
Modified: 2025-04-12T01:41:17Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rp53-fw29-rxg3/GHSA-rp53-fw29-rxg3.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-rp53-fw29-rxg3
Finding: F297
Auto approve: 1