CVE-2019-16698

Опубликовано: 16 окт. 2019

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 has a missing access check in the backend module, allowing a user (with restricted permissions to the fe_users table) to view and export data of frontend users who are subscribed to a newsletter.

Ссылки

https://extensions.typo3.org/extension/direct_mail
Third Party Advisory
https://typo3.org/security/advisory/typo3-ext-sa-2019-016/
Third Party Advisory
https://extensions.typo3.org/extension/direct_mail
Third Party Advisory
https://typo3.org/security/advisory/typo3-ext-sa-2019-016/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dkd:direct_mail:*:*:*:*:*:typo3:*:*

Версия до 5.2.2 (включая)

EPSS

Процентиль: 31%

0.00114

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-862

Связанные уязвимости

GHSA-j2w4-45qm-r674