CVE-2010-3604: powermail extension for TYPO3 vulnerable to SQL Injection

May 17, 2022 (updated April 12, 2025)

SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

References

github.com/advisories/GHSA-rp53-fw29-rxg3
github.com/in2code-de/powermail
nvd.nist.gov/vuln/detail/CVE-2010-3604
web.archive.org/web/20101112082509/http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-019

Code Behaviors & Features

Detect and mitigate CVE-2010-3604 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →