6 matches found
CVE-2020-12699
The CVE-2020-12699 entry concerns the TYPO3 Direct Mail (direct_mail) extension up to version 5.2.3, where the jumpUrl parameter is not sanitized, enabling an Open Redirect. This conclusion is supported by multiple connected sources (Veracode, GHSA/OSV, CVE records) describing an Open Redirect vi...
CVE-2020-12698
The Direct Mail extension for TYPO3 (direct_mail) up to version 5.2.3 has Broken Access Control affecting newsletter subscriber tables when exporting via CSV. The vulnerability arises from insufficient authorization checks for backend users accessing data (e.g., tt_address, fe_users) during CSV e...
CVE-2020-12700
The CVE-2020-12700 issue affects the TYPO3 Direct Mail extension (direct_mail) up to version 5.2.3. The root cause is a missing access check for an authenticated backend user when using the Special Query feature, which enables Information Disclosure of newsletter subscriber data. Documented impact...
CVE-2020-12697
The CVE-2020-12697 entry affects the TYPO3 Direct Mail extension (direct_mail) up to version 5.2.3. Root cause: a logging mechanism for link clicks has no cap on log entry generation, enabling an attacker to cause excessive log writes and trigger a denial of service. Impact is described as DoS vi...
CVE-2019-16698
The CVE-2019-16698 issue affects the TYPO3 Direct Mail extension (direct_mail) up to version 5.2.2. A missing access check in the backend module allows a user with restricted permissions (to fe_users) to view and export data of frontend newsletter subscribers. The condition is an information-disc...
CVE-2013-7400
The CVE-2013-7400 entry applies to the TYPO3 Direct Mail extension (direct_mail) prior to version 3.1.2, where authentication codes were not checked correctly, allowing remote attackers to obtain sensitive information. Public sources in connected documents confirm an information-disclosure vulner...