How severe is CVE-2024-45232?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2024-45232?

This is classified as CWE-639, which is a common weakness in software security.

CVE-2024-45232

HIGH Year: 2024

CVSS v3 Score

7.3

High

Weakness Type

CWE-639

View all →

Vulnerability Description

An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the extension. This can only be exploited when the extension is configured to save submitted form data to the database (plugin.tx_powermail.settings.db.enable=1), which however is the default setting of the extension. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0

CVE-2019-7890

HIGH

CVSS:7.3(High)

An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead t...

CWE-6392019

CVE-2021-44160

HIGH

CVSS:7.3(High)

Carinal Tien Hospital Health Report System’s login page has improper authentication, a remote attacker can acquire another general user’s privilege by modifying the cookie parameter without authentica...

CWE-6392021

CVE-2024-10174

HIGH

CVSS:7.3(High)

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to,...

CWE-6392024

CVE-2019-17050

HIGH

CVSS:7.2(High)

An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a softwa...

CWE-6392019

CVE-2021-22023

HIGH

CVSS:7.2(High)

The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modif...

CWE-6392021

CVE-2023-2548

HIGH

CVSS:7.2(High)

The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to o...

CWE-6392023

CVE-2024-45232

Vulnerability Description

Related Vulnerabilities

CVE-2019-7890

CVE-2021-44160

CVE-2024-10174

CVE-2019-17050

CVE-2021-22023

CVE-2023-2548