85 matches found
CVE-2023-25014
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users...
CVE-2023-25013
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users...
EUVD-2014-6177
Malware in sbrugna...
EUVD-2021-2048
Malware in sbrugna...
EUVD-2023-0614
Malicious code in bioql PyPI...
EUVD-2023-0740
Malicious code in bioql PyPI...
EUVD-2025-16028
Malicious code in bioql PyPI...
EUVD-2025-22305
Malicious code in bioql PyPI...
Insecure Direct Object Reference (IDOR)
in2code/femanager is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to insufficient access control due to direct access to user data objects without proper authorization checks, allowing unauthorized modification of user data...
CVE-2025-7900
The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0...
GHSA-RC5F-3HFV-JXP2 Femanager extension for TYPO3 allows Insecure Direct Object Reference
The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0...
Femanager extension for TYPO3 allows Insecure Direct Object Reference
The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0...
CVE-2025-7900
The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0...
CVE-2025-7900
The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0...
Authorization Bypass Through User-Controlled Key
Overview in2code/femanager is a Modern TYPO3 Frontend User Registration. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the identity parameter when saving user-submitted data. An attacker can gain unauthorized access and modify sensitive...
CVE-2025-7900 Insecure Direct Object Reference in extension "femanager" (femanager)
The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0...
CVE-2025-7900 Insecure Direct Object Reference in extension "femanager" (femanager)
The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0...
CVE-2025-7900
CVE-2025-7900 — The femanager extension for TYPO3 contains an Insecure Direct Object Reference that allows unauthorized modification of userdata. Affected versions: 6.4.1 and below; 7.0.0–7.5.2; 8.0.0–8.3.0. Root cause: IDOR in user data handling. Impact: unauthorized modification of userdata. Re...
PT-2025-30395 · Typo3 · Femanager
Name of the Vulnerable Software and Affected Versions: femanager versions 6.4.1 and below femanager versions 7.0.0 through 7.5.2 femanager versions 8.0.0 through 8.3.0 Description: The femanager extension for TYPO3 contains an Insecure Direct Object Reference issue, which allows unauthorized...
TYPO3 femanager 安全漏洞
TYPO3 femanager is a TYPO3 extension to the TYPO3 open source. A security vulnerability exists in TYPO3 femanager versions 6.4.1 and earlier, 7.0.0 to 7.5.2, and 8.0.0 to 8.3.0, which stems from an insecure direct object reference that could lead to unauthorized modification of user data...