Skip to main content

Direct Mail

6 CVEs product

Monthly

CVE-2020-12700 PHP MEDIUM PATCH This Month

The direct_mail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure Direct Mail
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-12699 PHP MEDIUM PATCH This Month

The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Direct Mail
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-12698 PHP MEDIUM PATCH This Month

The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Direct Mail
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-12697 PHP MEDIUM PATCH This Month

The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Service via log entries. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Direct Mail
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2019-16698 PHP MEDIUM PATCH This Month

The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 has a missing access check in the backend module, allowing a user (with restricted permissions to the fe_users table) to view and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Direct Mail
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2013-7400 PHP HIGH PATCH This Week

The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Direct Mail
NVD
CVSS 3.0
7.5
EPSS
0.4%
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

The direct_mail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure Direct Mail
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Direct Mail
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Direct Mail
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Service via log entries. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Direct Mail
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 has a missing access check in the backend module, allowing a user (with restricted permissions to the fe_users table) to view and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Direct Mail
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Direct Mail
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy