Powermail
CVE-2014-3947
HIGH
Severity by source
AV:N/AC:L/Au:N/C:P/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:P/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with a crafted extension, then accessing it via unspecified vectors.
AnalysisAI
Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.
Technical ContextAI
This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with a crafted extension, then accessing it via unspecified vectors. Affected products include: Alex Kellner Powermail. Version information: before 1.6.11.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.
An issue was discovered in powermail extension through 12.3.5 for TYPO3. Rated critical severity (CVSS 9.8), this vulner
The powermail extension 2.x before 2.0.11 for TYPO3 allows remote attackers to bypass the CAPTCHA protection mechanism v
An issue was discovered in the powermail extension through 12.4.0 for TYPO3. Rated high severity (CVSS 7.5), this vulner
An issue was discovered in powermail extension through 12.3.5 for TYPO3. Rated medium severity (CVSS 5.3), this vulnerab
Cross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powermail extension befo
Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to in
Same weakness CWE-94 – Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today