TYPO3 Powermail Extension Security Bypass Vulnerability

Bugtraq ID:	69639
Class:	Design Error
CVE:	CVE-2014-6288
Remote:	Yes
Local:	No
Published:	Apr 10 2014 12:00AM
Updated:	Sep 12 2014 12:14AM
Credit:	Jigal van Hemert
Vulnerable:
Not Vulnerable:

TYPO3 Powermail Extension Security Bypass Vulnerability

The Powermail extension for TYPO3 is prone to a security-bypass vulnerability.

An attacker may leverage this issue to bypass certain security restrictions that may aid in further attacks.

Powermail 2.0.0 through 2.0.10 are vulnerable.

TYPO3 Powermail Extension Security Bypass Vulnerability

Attackers can use a browser to exploit this issue.

TYPO3 Powermail Extension Security Bypass Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

TYPO3 Powermail Extension Security Bypass Vulnerability

References:

• TYPO3 Homepage (TYPO3)