Direct Mail Security Vulnerabilities - 2020

CVE-2020-12697

The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Service via log entries.

CVE-2020-12698

The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables.

CVE-2020-12699

The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl.

CVE-2020-12700

The direct_mail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query.