GHSA-XXWR-WV9G-7JW3
The femanager TYPO3 extension allows Insecure Direct Object Reference
Insecure Direct Object Reference (IDOR) in the femanager TYPO3 extension allows attackers to view frontend user data via a user parameter in the newAction of the newController...
PT-2025-22371
Name of the Vulnerable Software and Affected Versions: femanager extension versions prior to 8.2.2
Description: The issue allows attackers to view frontend user data. This is achieved through an Insecure Direct Object Reference (IDOR) in the femanager TYPO3 extension, where attackers can exploit a us...
CVE-2019-16698
The CVE-2019-16698 issue affects the TYPO3 Direct Mail extension (direct_mail) up to version 5.2.2. A missing access check in the backend module allows a user with restricted permissions (to fe_users) to view and export data of frontend newsletter subscribers. The condition is an information-disc...