CVE-2014-3947

Powermail <1.6.11 & 2.x <2.0.14 - RCE

Title source: llm
STIX 2.1

Description

Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with a crafted extension, then accessing it via unspecified vectors.

References (2)

Core 2

Scores

EPSS 0.0233
EPSS Percentile 81.4%

Details

CWE
CWE-94
Status published
Products (13)
alex_kellner/powermail 2.0.0
alex_kellner/powermail 2.0.1
alex_kellner/powermail 2.0.2
alex_kellner/powermail 2.0.3
alex_kellner/powermail 2.0.4
alex_kellner/powermail 2.0.5
alex_kellner/powermail 2.0.6
alex_kellner/powermail 2.0.7
alex_kellner/powermail 2.0.8
alex_kellner/powermail 2.0.9
... and 3 more
Published Oct 03, 2014
Tracked Since Feb 18, 2026