CVE-2013-7400: The Direct Mail (direct_mail) TYPO3 extension improperly discloses sensitive information

May 13, 2022 (updated April 21, 2025)

The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes.

References

extensions.typo3.org/extension/direct_mail
github.com/advisories/GHSA-4mh5-jj5w-3f9q
github.com/kartolo/direct_mail
nvd.nist.gov/vuln/detail/CVE-2013-7400
typo3.org/security/advisory/typo3-ext-sa-2013-014

Code Behaviors & Features

Detect and mitigate CVE-2013-7400 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →