Description
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)
The CAPTCHA of the extension can be bypassed, which may result in the automated creation of various newsletter subscribers. It is possible to provide arbitrary subscription UIDs to the deleteAction of the extension, which can result in all newsletter subscribers being unsubscribed. Insufficient access checks in the createAction and unsubscribeAction can be used to obtain data of existing newsletter subscribers.
References
Packages
fixpunkt/fp-newsletter: affected >= 2.2.0, < 3.2.6; fixed in 3.2.6
fixpunkt/fp-newsletter: affected >= 2.0.0, < 2.1.2; fixed in 2.1.2
fixpunkt/fp-newsletter: affected < 1.1.1; fixed in 1.1.1
Related vulnerabilities
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people.