Direct Mail
CVE-2020-12697
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
1DescriptionNVD
The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Service via log entries.
AnalysisAI
The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Service via log entries. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.
Technical ContextAI
This vulnerability is classified as Allocation of Resources Without Limits (CWE-770), which allows attackers to exhaust system resources through uncontrolled allocation. The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Service via log entries. Affected products include: Dkd Direct Mail. Version information: through 5.2.3.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Set resource limits, implement rate limiting, validate input sizes.
More in Direct Mail
View allThe Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information b
The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl. Rated medium severity (CVSS 6.1), th
The direct_mail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special
The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables. Rated medi
The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 has a missing access check in the backend module, al
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today