CVE-2022-47408

Published: Dec 14, 2022Modified: Apr 21, 2025

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people.

Affected (5)

Products: Fp Newsletter Project: Fp Newsletter

Fp Newsletter Project

1 product

Fp Newsletter

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Fp Newsletter Project Fp Newsletter	Before 1.1.1
Fp Newsletter Project Fp Newsletter	From 2.0.0 to 2.1.2
Fp Newsletter Project Fp Newsletter	From 2.2.1 to 2.4.0
Fp Newsletter Project Fp Newsletter	From 3.0.0 to 3.2.6
Fp Newsletter Project Fp Newsletter	Version 1.2.0

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://typo3.org/security/advisory/typo3-ext-sa-2022-017

Source: cve@mitre.org

PatchVendor Advisory

https://typo3.org/security/advisory/typo3-ext-sa-2022-017

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.