CVE-2014-3947 – in2code/powermail

Package

Manager: composer
Name: in2code/powermail
Vulnerable Version: >=0 <1.6.11 || >=2.0.0 <2.0.14

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:H/RL:U/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

EPSS: 0.01727 pctl0.81701

Details

TYPO3 powermail extension has unrestricted file upload vulnerability Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with a crafted extension, then accessing it via unspecified vectors.

Metadata

Created: 2022-05-17T04:31:13Z
Modified: 2025-04-14T17:02:04Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m278-c6gg-4jrr/GHSA-m278-c6gg-4jrr.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-m278-c6gg-4jrr
Finding: F422
Auto approve: 1