A missing access check in the backend module of the extension allows a backend user without access to configured tables (e.g. fe_users, tt_address) to view and export data of users subscribed to a newsletter.
CPE | Name | Operator | Version |
---|---|---|---|
direct_mail | le | 5.2.2 |