An issue exists in the fp_newsletter (aka Newsletter subscriber management) extension prior to 1.1.1, 1.2.0, 2.x prior to 2.1.2, 2.2.1 up to and including 2.4.0, and 3.x prior to 3.2.6 for TYPO3. Attackers can unsubscribe everyone via a series of modified subscription UIDs in deleteAction operations.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fp newsletter project fp newsletter |
||
fp newsletter project fp newsletter 1.2.0 |