VYPR
High severityNVD Advisory· Published Oct 3, 2014· Updated Jun 17, 2026

CVE-2014-3947

CVE-2014-3947

Description

Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with a crafted extension, then accessing it via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
in2code/powermailPackagist
< 1.6.111.6.11
in2code/powermailPackagist
>= 2.0.0, < 2.0.142.0.14

Affected products

13
  • cpe:2.3:a:alex_kellner:powermail:2.0.0:*:*:*:*:typo3:*:*+ 11 more
    • cpe:2.3:a:alex_kellner:powermail:2.0.0:*:*:*:*:typo3:*:*
    • cpe:2.3:a:alex_kellner:powermail:2.0.10:*:*:*:*:typo3:*:*
    • cpe:2.3:a:alex_kellner:powermail:2.0.1:*:*:*:*:typo3:*:*
    • cpe:2.3:a:alex_kellner:powermail:2.0.2:*:*:*:*:typo3:*:*
    • cpe:2.3:a:alex_kellner:powermail:2.0.3:*:*:*:*:typo3:*:*
    • cpe:2.3:a:alex_kellner:powermail:2.0.4:*:*:*:*:typo3:*:*
    • cpe:2.3:a:alex_kellner:powermail:2.0.5:*:*:*:*:typo3:*:*
    • cpe:2.3:a:alex_kellner:powermail:2.0.6:*:*:*:*:typo3:*:*
    • cpe:2.3:a:alex_kellner:powermail:2.0.7:*:*:*:*:typo3:*:*
    • cpe:2.3:a:alex_kellner:powermail:2.0.8:*:*:*:*:typo3:*:*
    • cpe:2.3:a:alex_kellner:powermail:2.0.9:*:*:*:*:typo3:*:*
    • cpe:2.3:a:alex_kellner:powermail:*:*:*:*:*:typo3:*:*range: <=1.6.10
  • ghsa-coords
    Range: < 1.6.11

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.