Vulnerability Details CVE-2013-7400
The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www.openwall.com/lists/oss-security/2014/09/11/4
- https://extensions.typo3.org/extension/direct_mail/
- https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-014/
- http://www.openwall.com/lists/oss-security/2014/09/11/4
- https://extensions.typo3.org/extension/direct_mail/
- https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-014/
Products affected by CVE-2013-7400
-
cpe:2.3:a:dkd:direct_mail:1.0.8
-
cpe:2.3:a:dkd:direct_mail:1.1.0
-
cpe:2.3:a:dkd:direct_mail:2.0.0
-
cpe:2.3:a:dkd:direct_mail:2.0.1
-
cpe:2.3:a:dkd:direct_mail:2.1.0
-
cpe:2.3:a:dkd:direct_mail:2.1.1
-
cpe:2.3:a:dkd:direct_mail:2.1.2
-
cpe:2.3:a:dkd:direct_mail:2.1.4
-
cpe:2.3:a:dkd:direct_mail:2.1.5
-
cpe:2.3:a:dkd:direct_mail:2.2.0
-
cpe:2.3:a:dkd:direct_mail:2.5.1
-
cpe:2.3:a:dkd:direct_mail:2.5.2
-
cpe:2.3:a:dkd:direct_mail:2.5.3
-
cpe:2.3:a:dkd:direct_mail:2.5.4
-
cpe:2.3:a:dkd:direct_mail:2.6.0
-
cpe:2.3:a:dkd:direct_mail:2.6.1
-
cpe:2.3:a:dkd:direct_mail:2.6.10
-
cpe:2.3:a:dkd:direct_mail:2.6.2
-
cpe:2.3:a:dkd:direct_mail:2.6.3
-
cpe:2.3:a:dkd:direct_mail:2.6.4
-
cpe:2.3:a:dkd:direct_mail:2.6.5
-
cpe:2.3:a:dkd:direct_mail:2.6.6
-
cpe:2.3:a:dkd:direct_mail:2.6.7
-
cpe:2.3:a:dkd:direct_mail:2.6.8
-
cpe:2.3:a:dkd:direct_mail:2.6.9
-
cpe:2.3:a:dkd:direct_mail:2.7.0
-
cpe:2.3:a:dkd:direct_mail:3.0.0
-
cpe:2.3:a:dkd:direct_mail:3.0.1
-
cpe:2.3:a:dkd:direct_mail:3.0.2
-
cpe:2.3:a:dkd:direct_mail:3.0.3
-
cpe:2.3:a:dkd:direct_mail:3.0.4
-
cpe:2.3:a:dkd:direct_mail:3.1.0
-
cpe:2.3:a:dkd:direct_mail:3.1.1