PT-2022-27067 · Unknown · Backclick Professional

Jannik Vieten · Published 2022-11-16 · Updated 2025-04-30 · CVE-2022-44005

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63

Description: An issue was discovered in the newsletter sign-up functionality due to the use of consecutive IDs in verification links. This allows the enumeration of subscribers' e-mail addresses. Furthermore, it is possible to subscribe and verify other persons' e-mail addresses to newsletters without their consent.

Recommendations: For version 5.9.63, use random, non-sequential IDs in verification links so that subscribers' e-mail addresses cannot be enumerated. Additionally, restrict the ability to subscribe and verify e-mail addresses, so that other persons' addresses cannot be subscribed and verified without their consent. As a temporary workaround, consider disabling the newsletter sign-up functionality until a patch is available.
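The following is an added illustration of the recommended fix; it is not BACKCLICK code and not part of the advisory. It puts a minimal sign-up flow built on a sequential subscriber ID (the pattern the advisory describes) next to one built on a random, single-use, time-limited token that is only ever delivered to the mailbox being subscribed. Class names, the token length and the 24-hour lifetime are assumptions chosen for the example; the in-memory dictionaries stand in for whatever store a real product would use.

```python
import secrets
import time


class SequentialSignup:
    """Weak design (constructed example): the verification link carries the
    subscriber's row ID. IDs are consecutive, so any one link tells a
    requester that neighbouring IDs exist, and the confirmation page echoes
    the address stored under whatever ID it is handed."""

    def __init__(self):
        self._rows = {}      # subscriber id -> {"email": ..., "verified": ...}
        self._next_id = 1

    def subscribe(self, email):
        sid = self._next_id
        self._next_id += 1
        self._rows[sid] = {"email": email, "verified": False}
        return f"/verify?id={sid}"   # predictable: id is a counter

    def verify(self, sid):
        row = self._rows.get(sid)
        if row is None:
            return None
        row["verified"] = True         # no proof that the caller owns the mailbox
        return row["email"]            # discloses the address behind the id


class TokenSignup:
    """Hardened design (constructed example): the verification link carries a
    random, single-use token bound to the address. The token is sent only to
    that address, so only the mailbox owner can complete the verification and
    nothing about other subscribers can be derived from one link."""

    TOKEN_TTL_SECONDS = 24 * 3600      # assumed lifetime of a verification link

    def __init__(self, clock=time.time):
        self._pending = {}             # token -> (normalised email, issued_at)
        self._verified = set()
        self._clock = clock            # injectable for testing expiry

    def subscribe(self, email):
        email = email.strip().lower()
        # 32 random bytes (256 bits) from the OS CSPRNG; 43 URL-safe characters.
        token = secrets.token_urlsafe(32)
        self._pending[token] = (email, self._clock())
        # A real deployment would e-mail "/verify?token=<token>" to `email` and
        # return the same neutral response whether or not the address is already
        # subscribed, so the sign-up endpoint cannot be used to test membership.
        # The token is returned here only so the example can be exercised.
        return token

    def verify(self, token):
        # pop() makes the token single-use: a replayed link is rejected.
        entry = self._pending.pop(token, None)
        if entry is None:
            return False               # unknown or already-used token
        email, issued_at = entry
        if self._clock() - issued_at > self.TOKEN_TTL_SECONDS:
            return False               # expired link
        self._verified.add(email)
        return True                    # the response never needs to echo the address

    def is_verified(self, email):
        return email.strip().lower() in self._verified


if __name__ == "__main__":
    weak = SequentialSignup()
    print(weak.subscribe("alice@example.invalid"))      # /verify?id=1
    strong = TokenSignup()
    tok = strong.subscribe("bob@example.invalid")
    print(strong.verify("guess"), strong.verify(tok), strong.verify(tok))  # False True False
```

The important properties are that a token from the OS CSPRNG cannot be stepped through the way a counter can, that the verification endpoint answers only yes or no rather than echoing the stored address, and that the response to a sign-up request is identical whether or not the address is already known. Token lookup by dictionary key is acceptable here because the 256-bit token leaves nothing for a timing difference to narrow down; in a database-backed store, look the token up by an indexed column and compare it with `hmac.compare_digest` if the comparison happens in application code.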

IDOR

Weakness Enumeration

Related Identifiers: CVE-2022-44005

Affected Products: Backclick Professional