It has been discovered that the extension "Maag Sendmail" (maag_sendmail) is susceptible to Remote Code Execution.

More... (https://typo3.org/news/article/remote-code-execution-in-extension-maag-sendmail-maag-sendmail/)