Allele Security Alert
ASA-2019-00585, CVE-2019-16698, EXT-SA-2019-016
d.k.d Internet Service GmbH
TYPO3 extension Direct Mail (direct_mail)
TYPO3 extension Direct Mail (direct_mail) versions before 5.2.3
TYPO3 extension Direct Mail (direct_mail) version 5.2.3
Proof of concept
A missing access check in the backend module of the extension allows a backend user without access to configured tables (e.g. fe_users, tt_address) to view and export data of users subscribed to a newsletter.
Information Disclosure in extension “Direct Mail” (direct_mail)
Direct Mail (direct_mail)
[TYPO3-announce] [Ticket#201910155760000011] Vulnerabilities in multiple third party TYPO3 CMS extensions
It’s a newsletter sending extension for the TYPO3 CMS
Security fix release
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: October 23, 2019