CVE-2010-0329: TYPO3 powermail Extension Vulnerable to SQL Injection via Unspecified Vectors

May 2, 2022 (updated April 10, 2025)

SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the “SQL selection field” and “typoscript.”

References

github.com/advisories/GHSA-mgw4-gv3f-g57j
nvd.nist.gov/vuln/detail/CVE-2010-0329
web.archive.org/web/20100123124044/http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021

Code Behaviors & Features

Detect and mitigate CVE-2010-0329 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →