MidnightBSD

Advisories for fp_newsletter_project

CVE-2022-47408

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people.

Products Affected

Vendor Product Version
fp_newsletter_project fp_newsletter *
fp_newsletter_project fp_newsletter 1.2.0
CVE-2022-47409

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Attackers can unsubscribe everyone via a series of modified subscription UIDs in deleteAction operations.

Products Affected

Vendor Product Version
fp_newsletter_project fp_newsletter *
fp_newsletter_project fp_newsletter 1.2.0
CVE-2022-47410

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations.

Products Affected

Vendor Product Version
fp_newsletter_project fp_newsletter *
fp_newsletter_project fp_newsletter 1.2.0
CVE-2022-47411

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction operations.

Products Affected

Vendor Product Version
fp_newsletter_project fp_newsletter *
fp_newsletter_project fp_newsletter 1.2.0