CVE-2022-44005
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/11/2022
Last modified:
30/04/2025
Description
An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vulnerable to the enumeration of subscribers' e-mail addresses. Furthermore, it is possible to subscribe and verify other persons' e-mail addresses to newsletters without their consent.
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:backclick:backclick:5.9.63:*:*:*:professional:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-026.txt
- https://www.syss.de/pentest-blog/vielfaeltige-schwachstellen-in-backclick-professional-syss-2022-026-bis-037
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-026.txt
- https://www.syss.de/pentest-blog/vielfaeltige-schwachstellen-in-backclick-professional-syss-2022-026-bis-037