CVE-2010-0329
EPSS 0.40%TYPO3 powermail Extension Vulnerable to SQL Injection via Unspecified Vectors
Published: 5/2/2022Modified: 4/10/2025
Description
SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the "SQL selection field" and "typoscript."
Affected packages (1)
- Packagist/in2code/powermailfrom 0, < 1.5.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |
References (4)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2010-0329
- WEBhttps://web.archive.org/web/20100123124044/http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021
- WEBhttp://typo3.org/extensions/repository/view/powermail/1.5.2
- WEBhttp://typo3.org/extensions/repository/view/powermail/1.5.2/info/changelog.txt