Insecure Direct Object Reference (IDOR)

in2code/femanager is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to improper access control on the user parameter in the newAction method of the newController, allows attackers to manipulate the parameter to access data of other frontend users...

The vulnerability of the femanager extension of the TYPO3 content management system allows a hacker to gain unauthorized access to protected information.

The vulnerability of the femanager extension of the TYPO3 content management system is related to the use of insecure direct links to objects. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVE-2025-48202

The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference...

The vulnerability of the femanager extension of the TYPO3 content management system allows a hacker to remove arbitrary users.

The vulnerability of the femanager extension of the TYPO3 content management system is related to the lack of access control in the InvitationController function. Exploiting this vulnerability could allow a malicious actor to delete arbitrary users remotely...

Missing Authorization

Overview in2code/femanager is a Modern TYPO3 Frontend User Registration. Affected versions of this package are vulnerable to Missing Authorization via unspecified vectors. An attacker can modify or delete the records of other frontend users by exploiting these vectors. Remediation Upgrade...