CVE-2026-46721 Broken Access Control in extension "Frontend User Registration" (sf_register)

The create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker can assign an arbitrary frontend user group to a newly registered or edited account, gaining unauthorized access to...

CVE-2026-46721

Summary (CVE-2026-46721): The issue is in the TYPO3 extension “Frontend User Registration” (sf_register). The create/edit flows allow submitting arbitrary user properties and do not enforce frontend access control on user-group assignment, enabling an attacker to assign any frontend user group to...

TYPO3-EXT-SA-2026-009: Broken Access Control in extension "Frontend User Registration" (sf_register)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-009...

GHSA-RJRQ-93HP-22WW Frontend User Registration extension for TYPO3 does not properly verify access rights

Frontend User Registration srfeuserregister extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors...

Frontend User Registration extension for TYPO3 does not properly verify access rights

Frontend User Registration srfeuserregister extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors...

TYPO3 Frontend User Registration Remote Command Execution Vulnerability

TYPO3 is a free and open source content management system. A remote command execution vulnerability exists in TYPO3 Frontend User Registration. A remote attacker could exploit the vulnerability to execute arbitrary code within the context of the application. A successful attack would corrupt the...

Arbitrary Code Execution in extension "Frontend User Registration" (sf_register)

Release Date: September 12, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 6.2.8 and below Vulnerability Type: Arbitrary Code Execution Severity: High Suggested CVSS v2.0:...

Information disclosure

Frontend User Registration srfeuserregister extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors...

CVE-2009-1264

Frontend User Registration srfeuserregister extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors...

CVE-2009-1264

The CVE concerns TYPO3 Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier, where access rights were not properly verified, allowing remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors. Affected versions are 2.5.20 and e...

Information Disclosure in third party extension "Frontend User registration"

It has been discovered that the TYPO3 extension "Frontend User Registration" srfeuserregister is susceptible to Information Disclosure. Release Date: April 6, 2009 Component Type: Third party extension. This extension is not a part of a TYPO3 default installation. Affected Versions: 2.5.20 and al...

Multiple vulnerabilities in extension Frontend User Registration (sr_feuser_register)

It has been discovered that the extension Frontend User Registration srfeuserregister is susceptible to Cross Site Scripting XSS attacks and allows Remote Command Execution. Component Type: Third party extensions. These extensions are not part of the TYPO3 default installation. Affected Versions:...