88 matches found
CVE-2022-44543
The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups if there is a usergroup field on the registration form. This occurs because the usergroup.inList protection mechanism is mishandled...
CVE-2022-44543
The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups if there is a usergroup field on the registration form. This occurs because the usergroup.inList protection mechanism is mishandled...
Improper Access Control
femanager is vulnerable to Improper Access Control. The vulnerability is due to a lack of proper access control checks in the plugin, allowing a remote user to create frontend user accounts with unauthorized access to configured frontend groups...
GHSA-93J4-V838-8767 TYPO3 extension femanager Broken Access Control vulnerability
femanager fails to check access permissions for the invitation component. Depending on the configuration of the plugin, a remote user can create frontend user accounts with access to configured frontend groups...
TYPO3 extension femanager Broken Access Control vulnerability
femanager fails to check access permissions for the invitation component. Depending on the configuration of the plugin, a remote user can create frontend user accounts with access to configured frontend groups...
TYPO3-EXT-SA-2023-008: Broken Access Control in extension "femanager" (femanager)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-008...
The vulnerability of the femanager extension of the TYPO3 content management system allows a hacker to remove arbitrary users.
The vulnerability of the femanager extension of the TYPO3 content management system is related to the lack of access control in the InvitationController function. Exploiting this vulnerability could allow a malicious actor to delete arbitrary users remotely...
The vulnerability of the femanager extension of the TYPO3 content management system allows a hacker to set arbitrary passwords for users of the system.
The vulnerability of the femanager extension of the TYPO3 content management system is related to the lack of access control in the InvitationController. Exploiting this vulnerability allows a malicious actor to set arbitrary passwords for users of the system remotely...
Broken Access Control in 3rd party TYPO3 extension "femanager"
A missing access check in the InvitationController allows an unauthenticated user with a valid invitation link to set the password of all frontend users...
GHSA-MM8V-WMQX-8H2J Broken Access Control in 3rd party TYPO3 extension "femanager"
A missing access check in the InvitationController allows an unauthenticated user with a valid invitation link to set the password of all frontend users...
Broken Access Control in 3rd party TYPO3 extension "femanager"
A missing access check in the InvitationController allows an unauthenticated user to delete all frontend users...
GHSA-3P9X-XXX6-2W4P Broken Access Control in 3rd party TYPO3 extension "femanager"
A missing access check in the InvitationController allows an unauthenticated user to delete all frontend users...
CVE-2023-25013
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users...
Design/Logic Flaw
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users...
Design/Logic Flaw
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users...
CVE-2023-25013
The CVE-2023-25013 issue affects the TYPO3 femanager extension (versions: <5.5.3, <6.3.4 for 6.x, and
CVE-2023-25013
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users...
CVE-2023-25013
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users...
CVE-2023-25014
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users...
CVE-2023-25013
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users...