Lucene search

[email protected]CVE-2022-44543

HistoryDec 12, 2023 - 5:15 p.m.

CVE-2022-44543

2023-12-1217:15:07

[email protected]

web.nvd.nist.gov

2260

typo3

femanager

nvd

security vulnerability

cve-2022-44543

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form). This occurs because the usergroup.inList protection mechanism is mishandled.

Affected configurations

NVD

Node

in2codefemanagerRange<5.5.2typo3

in2codefemanagerRange6.0.0–6.3.3typo3

in2codefemanagerMatch7.0.0typo3

CPENameOperatorVersion
in2code:femanagerin2code femanagerlt5.5.2
in2code:femanagerin2code femanagerlt6.3.3
in2code:femanagerin2code femanagereq7.0.0

CPE	Name	Operator	Version
in2code:femanager	in2code femanager	lt	5.5.2
in2code:femanager	in2code femanager	lt	6.3.3
in2code:femanager	in2code femanager	eq	7.0.0

References

typo3.org/help/security-advisories

typo3.org/security/advisory/typo3-ext-sa-2022-015

Social References

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVE-2022-44543

cvelist1 friendsofphp1 prion1 nvd1 github1 osv2