CVE-2024-45233

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Aug 29, 2024
Updated: Aug 30, 2024
CWE ID 284

Summary

CVE-2024-45233 is a vulnerability discovered in the Powermail extension for TYPO3, affecting versions prior to 12.3.5. This issue arises from inadequate access controls in the OutputController, allowing unauthenticated attackers to potentially edit, update, delete, or export form data when utilizing the Powermail Frontend plugins. The vulnerability has a high severity rating with a base score of 7.3 and can be exploited remotely without user interaction or elevated privileges. To remediate this vulnerability, users should upgrade to fixed versions 7.5.0, 8.5.0, 10.9.0, or 12.4.0 as recommended by TYPO3's security advisory. If left unaddressed, organizations risk unauthorized access to sensitive data and potential data loss or manipulation.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share