CVE-2019-16698
N/A
N/A
Summary
The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 has a missing access check in the backend module, allowing a user (with restricted permissions to the fe_users table) to view and export data of frontend users who are subscribed to a newsletter.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://extensions.typo3.org/extension/direct_mail
- https://typo3.org/security/advisory/typo3-ext-sa-2019-016/
References
- https://extensions.typo3.org/extension/direct_mail
- https://typo3.org/security/advisory/typo3-ext-sa-2019-016/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.