The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes.
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-014/