Skip to main content

Acymailing CVE-2023-39974

MEDIUM
Information Exposure (CWE-200)
2023-08-17 security@joomla.org
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 17, 2023 - 21:15 nvd
MEDIUM 5.3

DescriptionNVD

Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list.

AnalysisAI

Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list. Affected products include: Acymailing.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2023-28731 CRITICAL POC
9.8 Mar 30

AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campai

CVE-2018-9107 HIGH POC
8.8 Mar 28

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing exte

CVE-2021-24288 MEDIUM POC
6.1 May 17

When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. Rated medium severity (CVSS 6.1),

CVE-2024-7384 HIGH
8.8 Aug 22

The AcyMailing - An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is v

CVE-2023-28732 HIGH
7.5 Mar 30

Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from

CVE-2020-10934 HIGH
7.2 Mar 24

Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. Rated high severity (CVSS 7.2), this vulnerability is r

CVE-2023-41867 MEDIUM
6.1 Sep 25

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low at

CVE-2023-39971 MEDIUM
6.1 Aug 17

Improper Neutralization of Input During Web Page Generation vulnerability in AcyMailing Enterprise component for Joomla

CVE-2023-28733 MEDIUM
6.1 Mar 30

AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, explo

CVE-2023-39973 MEDIUM
4.3 Aug 17

Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CVSS 4.3), t

CVE-2023-39972 MEDIUM
4.3 Aug 17

Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CVSS 4.3), t

Share

CVE-2023-39974 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy