It has been discovered that the extension "AH Sendmail" (ah_sendmail) is susceptible to Remote Code Execution.

More... (https://typo3.org/news/article/remote-code-execution-in-extension-ah-sendmail-ah-sendmail/)