Freely subscribe to our NEWSLETTER

This bulletin was written by Vigil@nce : https://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can query TYPO3 "MMC directmail subscription", in
order to get personal data about subscriber users.

Impacted products: TYPO3 Extensions not comprehensive.

Severity: 1/4.

Creation date: 31/05/2016.

DESCRIPTION OF THE VULNERABILITY

The "MMC directmail subscription" extension can be installed on
TYPO3.

This extension manages mailing lists. However, it does not
restrict access to personal data about subscribers.

An attacker can therefore query TYPO3 "MMC directmail
subscription", in order to get personal data about subscriber
users.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

https://vigilance.fr/vulnerability/TYPO3-MMC-directmail-subscription-information-disclosure-19744