Lucene search
K

88 matches found

OSV
OSV
added 2023/12/12 12:0 a.m.19 views

CVE-2022-44543

The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups if there is a usergroup field on the registration form. This occurs because the usergroup.inList protection mechanism is mishandled...

5.3CVSS6.8AI score0.00603EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/12/12 12:0 a.m.24 views

CVE-2022-44543

The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups if there is a usergroup field on the registration form. This occurs because the usergroup.inList protection mechanism is mishandled...

5.5AI score0.00603EPSS
Exploits0References2
Veracode
Veracode
added 2023/10/06 5:57 a.m.11 views

Improper Access Control

femanager is vulnerable to Improper Access Control. The vulnerability is due to a lack of proper access control checks in the plugin, allowing a remote user to create frontend user accounts with unauthorized access to configured frontend groups...

6.8AI score0.01077EPSS
Exploits0
OSV
OSV
added 2023/10/04 5:57 p.m.27 views

GHSA-93J4-V838-8767 TYPO3 extension femanager Broken Access Control vulnerability

femanager fails to check access permissions for the invitation component. Depending on the configuration of the plugin, a remote user can create frontend user accounts with access to configured frontend groups...

6.5AI score0.01077EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2023/10/04 5:57 p.m.28 views

TYPO3 extension femanager Broken Access Control vulnerability

femanager fails to check access permissions for the invitation component. Depending on the configuration of the plugin, a remote user can create frontend user accounts with access to configured frontend groups...

6.5AI score0.01077EPSS
Exploits0References5Affected Software1
Friends Of PHP
Friends Of PHP
added 2023/10/04 9:43 a.m.18 views

TYPO3-EXT-SA-2023-008: Broken Access Control in extension "femanager" (femanager)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-008...

7.2AI score0.01077EPSS
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/04/04 12:0 a.m.8 views

The vulnerability of the femanager extension of the TYPO3 content management system allows a hacker to remove arbitrary users.

The vulnerability of the femanager extension of the TYPO3 content management system is related to the lack of access control in the InvitationController function. Exploiting this vulnerability could allow a malicious actor to delete arbitrary users remotely...

9CVSS7.2AI score0.00501EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/04/02 12:0 a.m.4 views

The vulnerability of the femanager extension of the TYPO3 content management system allows a hacker to set arbitrary passwords for users of the system.

The vulnerability of the femanager extension of the TYPO3 content management system is related to the lack of access control in the InvitationController. Exploiting this vulnerability allows a malicious actor to set arbitrary passwords for users of the system remotely...

9CVSS7.2AI score0.00501EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/02 3:30 a.m.26 views

Broken Access Control in 3rd party TYPO3 extension "femanager"

A missing access check in the InvitationController allows an unauthenticated user with a valid invitation link to set the password of all frontend users...

8.6CVSS7.5AI score0.00501EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/02/02 3:30 a.m.16 views

GHSA-MM8V-WMQX-8H2J Broken Access Control in 3rd party TYPO3 extension "femanager"

A missing access check in the InvitationController allows an unauthenticated user with a valid invitation link to set the password of all frontend users...

8.6CVSS8AI score0.00501EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/02/02 3:30 a.m.24 views

Broken Access Control in 3rd party TYPO3 extension "femanager"

A missing access check in the InvitationController allows an unauthenticated user to delete all frontend users...

8.6CVSS7.4AI score0.00501EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/02/02 3:30 a.m.40 views

GHSA-3P9X-XXX6-2W4P Broken Access Control in 3rd party TYPO3 extension "femanager"

A missing access check in the InvitationController allows an unauthenticated user to delete all frontend users...

8.6CVSS7.9AI score0.00501EPSS
Exploits0References3
NVD
NVD
added 2023/02/02 1:15 a.m.26 views

CVE-2023-25013

An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users...

8.6CVSS8.7AI score0.00501EPSS
Exploits0References2
Prion
Prion
added 2023/02/02 1:15 a.m.16 views

Design/Logic Flaw

An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users...

5CVSS7.6AI score0.00501EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/02/02 1:15 a.m.15 views

Design/Logic Flaw

An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users...

5CVSS7.5AI score0.00501EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/02/02 12:0 a.m.51 views

CVE-2023-25013

The CVE-2023-25013 issue affects the TYPO3 femanager extension (versions: <5.5.3, <6.3.4 for 6.x, and

8.6CVSS7.6AI score0.00501EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/02 12:0 a.m.5 views

CVE-2023-25013

An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users...

8.6CVSS7.4AI score0.00501EPSS
Exploits0References2
OSV
OSV
added 2023/02/02 12:0 a.m.18 views

CVE-2023-25013

An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users...

8.6CVSS7.7AI score0.00501EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/02/02 12:0 a.m.27 views

CVE-2023-25014

An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users...

8.6CVSS8.8AI score0.00501EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/02/02 12:0 a.m.30 views

CVE-2023-25013

An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users...

8.6CVSS8.9AI score0.00501EPSS
Exploits0References2
Rows per page
Query Builder