Insecure Direct Object Reference in extension “powermail” (powermail)

CVE Details

Basic Information

Title Insecure Direct Object Reference in extension “powermail” (powermail)
Type cve
Published 2025-07-22T10:18:38.449Z
Modified 2025-07-22T10:18:38.449Z

Product Information

Vendor TYPO3
Product Extension “powermail”
Version 12.0.0

CVSS Information

Base Score 6.0 (MEDIUM)
CVSS Vector CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

AI Analysis

AI Description The powermail extension for TYPO3 has a vulnerability that allows unauthorized access to arbitrary files on the webserver due to an Insecure Direct Object Reference. This affects versions 12.0.0 to 12.5.2 and 13.0.0.
AI Severity Medium
AI Vendor TYPO3
AI Product powermail
AI Version 12.0.0-12.5.2, 13.0.0

Affected Products

  • TYPO3 Extension “powermail” 12.0.0
  • TYPO3 Extension “powermail” 13.0.0

Additional Information

CWE List CWE-639
Source TYPO3

Description

The powermail extension for TYPO3 allows an Insecure Direct Object Reference, resulting in the download of arbitrary files from the webserver. This issue affects powermail versions 12.0.0 up to 12.5.2 and version 13.0.0.
