Lucene search
HistoryDec 12, 2023 - 5:15 p.m.
CVE-2022-44543
typo3
femanager
extension
usergroup
mishandling
vulnerability
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
0.001
Percentile
17.0%
The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form). This occurs because the usergroup.inList protection mechanism is mishandled.
Affected configurations
Node
in2codefemanagerRange<5.5.2typo3
ORin2codefemanagerRange6.0.0–6.3.3typo3
ORin2codefemanagerMatch7.0.0typo3
Related
friendsofphp
friendsofphp
cvelist
cvelist
CVE-2022-44543
2023-12-12 00:00:00
prion
prion
Design/Logic Flaw
2023-12-12 17:15:00
osv
osv
TYPO3 Extension femanager vulnerable to Broken Access Control
2022-11-03 18:10:52
CVE-2022-44543
2023-12-12 17:15:07
github
github
TYPO3 Extension femanager vulnerable to Broken Access Control
2022-11-03 18:10:52
cve
cve
CVE-2022-44543
2023-12-12 17:15:07
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
0.001
Percentile
17.0%
Related for NVD:CVE-2022-44543