Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-az3m-6mtw-ukdm
Vulnerability ID VCID-az3m-6mtw-ukdm
Aliases CVE-2020-12700
GHSA-qwmj-72mp-q3m2
Summary Missing Authorization in TYPO3 extension The direct_mail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-862 Missing Authorization
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2020-12700
cvssv3.1 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-12700
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2020-12700
cvssv3.1 4.3 https://typo3.org/help/security-advisories
generic_textual MODERATE https://typo3.org/help/security-advisories
cvssv3.1 4.3 https://typo3.org/security/advisory/typo3-ext-sa-2020-005
generic_textual MODERATE https://typo3.org/security/advisory/typo3-ext-sa-2020-005
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2020-12700
https://nvd.nist.gov/vuln/detail/CVE-2020-12700
https://typo3.org/help/security-advisories
https://typo3.org/security/advisory/typo3-ext-sa-2020-005
GHSA-qwmj-72mp-q3m2 https://github.com/advisories/GHSA-qwmj-72mp-q3m2
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-12700
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://typo3.org/help/security-advisories
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://typo3.org/security/advisory/typo3-ext-sa-2020-005
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.32029
EPSS Score 0.00129
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T09:15:58.530782+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/07/GHSA-qwmj-72mp-q3m2/GHSA-qwmj-72mp-q3m2.json 38.6.0