Broken Access Control in 3rd party TYPO3 extension "femanager"

A missing access check in the InvitationController allows an unauthenticated user with a valid invitation link to set the password of all frontend users...

Broken Access Control in 3rd party TYPO3 extension "femanager"

A missing access check in the InvitationController allows an unauthenticated user to delete all frontend users...

CVE-2023-25013

An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users...

Design/Logic Flaw

An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users...

TYPO3 访问控制错误漏洞

TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Association in Switzerland. A security vulnerability exists in TYPO3 version 5.5.3, version 6.x up to and including version 6.3.4, and version 7.x up to and including version 7.1.0, which stems from a lack ...