Vigil@nce - TYPO3 "MMC directmail subscription": information disclosure
June 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can query TYPO3 "MMC directmail subscription", in
order to get personal data about subscriber users.
Impacted products: TYPO3 Extensions not comprehensive.
Severity: 1/4.
Creation date: 31/05/2016.
DESCRIPTION OF THE VULNERABILITY
The "MMC directmail subscription" extension can be installed on
TYPO3.
This extension manages mailing lists. However, it does not
restrict access to personal data about subscribers.
An attacker can therefore query TYPO3 "MMC directmail
subscription", in order to get personal data about subscriber
users.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/TYPO3-MMC-directmail-subscription-information-disclosure-19744