Allele Security Alert
ASA-2019-00585, CVE-2019-16698, EXT-SA-2019-016
d.k.d Internet Service GmbH
TYPO3 extension Direct Mail (direct_mail)
TYPO3 extension Direct Mail (direct_mail) versions before 5.2.3
TYPO3 extension Direct Mail (direct_mail) version 5.2.3
Proof of concept
A missing access check in the backend module of the extension allows a backend user without access to configured tables (e.g. fe_users, tt_address) to view and export data of users subscribed to a newsletter.
Information Disclosure in extension “Direct Mail” (direct_mail)
Direct Mail (direct_mail)
[TYPO3-announce] [Ticket#201910155760000011] Vulnerabilities in multiple third party TYPO3 CMS extensions
It’s a newsletter-sending extension for the TYPO3 CMS
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: October 23, 2019