CVE-2024-45232
CVSS 3.1 Score 7.3 of 10 (high)
Details
Summary
CVE-2024-45232 is a vulnerability in the powermail extension for TYPO3 that affects versions prior to 12.3.5. The extension fails to properly validate the mail parameter of the confirmationAction, resulting in an Insecure Direct Object Reference (IDOR). This allows unauthenticated attackers to access user-submitted data from all forms stored by the extension, particularly when form data saving is enabled by default. To remediate this issue, users should upgrade to one of the fixed versions: 7.5.0, 8.5.0, 10.9.0, or 12.4.0. The vulnerability has a CVSS base score of 7.3 and is rated as high severity, indicating potential risks to confidentiality and integrity despite low impacts on availability and integrity. Organizations using affected products should prioritize applying the updates to mitigate the risk of data exposure.