Vulnerabilities > CVE-2022-44005 - Authorization Bypass Through User-Controlled Key vulnerability in Backclick 5.9.63
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vulnerable to the enumeration of subscribers' e-mail addresses. Furthermore, it is possible to subscribe and verify other persons' e-mail addresses to newsletters without their consent.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-026.txt
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-026.txt
- https://www.syss.de/pentest-blog/vielfaeltige-schwachstellen-in-backclick-professional-syss-2022-026-bis-037
- https://www.syss.de/pentest-blog/vielfaeltige-schwachstellen-in-backclick-professional-syss-2022-026-bis-037