CVE-2022-44005 BACKCLICK Professional 5.9.63 has a vulnerability that can reveal subscribers' e-mail addresses if the newsletter sign-up functionality uses consecutive IDs.

This can be exploited to obtain e-mail addresses of people who subscribe to the attacker's newsletter, potentially compromising their privacy.

Additionally, it is possible to modify the verification link by injecting arbitrary HTML to deliver a different message to the user, or to obtain access to the user's account by forging the verification link. This might lead to the hijacking of a victim's account. The vendor responsible for the development of this software has released version 5.9.64 of this product, fixing this vulnerability.
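The weakness described above is predictable subscriber IDs combined with a verification link whose parameters can be altered. The following is an added example of a hardened sign-up confirmation flow; it is not BACKCLICK's code and does not describe the vendor's actual fix. It assumes an in-memory subscriber store, a server-side secret, and a single-use random nonce stored with each pending subscription.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs, urlencode

# Constructed for this example; in production load the key from a secret store.
SECRET_KEY = secrets.token_bytes(32)
TOKEN_TTL_SECONDS = 24 * 3600

# Hypothetical subscriber store: id -> (email, pending_nonce or None once confirmed)
SUBSCRIBERS: Dict[int, Tuple[str, Optional[str]]] = {}

def build_verification_link(base_url: str, subscriber_id: int, email: str,
                            now: Optional[int] = None) -> str:
    """Issue a link that cannot be enumerated or altered: the random nonce is stored
    server-side (single use) and an HMAC binds id, nonce and expiry together."""
    now = int(time.time()) if now is None else now
    expires = now + TOKEN_TTL_SECONDS
    nonce = secrets.token_urlsafe(16)
    SUBSCRIBERS[subscriber_id] = (email, nonce)
    msg = f"{subscriber_id}|{nonce}|{expires}".encode()
    sig = hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()
    # The e-mail address never appears in the URL; it is looked up from the record.
    return f"{base_url}?{urlencode({'id': subscriber_id, 'nonce': nonce, 'exp': expires, 'sig': sig})}"

def verify_link(url: str, now: Optional[int] = None) -> Optional[str]:
    """Return the confirmed e-mail, or None on any failure (unknown id, reused or
    wrong nonce, expired link, or a signature that does not match the parameters)."""
    now = int(time.time()) if now is None else now
    try:
        params = parse_qs(url.split("?", 1)[1], strict_parsing=True)
        sid = int(params["id"][0])
        nonce, expires, sig = params["nonce"][0], int(params["exp"][0]), params["sig"][0]
    except (IndexError, KeyError, ValueError):
        return None
    record = SUBSCRIBERS.get(sid)
    if record is None or record[1] is None or now > expires:
        return None
    email, pending_nonce = record
    expected = hmac.new(SECRET_KEY, f"{sid}|{nonce}|{expires}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparisons; both the nonce and the signature must match.
    if not (hmac.compare_digest(pending_nonce, nonce) and hmac.compare_digest(expected, sig)):
        return None
    SUBSCRIBERS[sid] = (email, None)  # consume the nonce so the link is single use
    return email
```

Guessing a neighbouring ID yields nothing here, because the attacker cannot supply that record's nonce or a valid signature for it.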

How to check if I’m vulnerable?

You can check if you are vulnerable by visiting the vendor's website and entering your e-mail address. This will confirm whether you are subscribed to the attacker's newsletter.
