CVE-2022-44543

Опубликовано: 12 дек. 2023

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form). This occurs because the usergroup.inList protection mechanism is mishandled.

Ссылки

https://typo3.org/help/security-advisories
Vendor Advisory
https://typo3.org/security/advisory/typo3-ext-sa-2022-015
Vendor Advisory
https://typo3.org/help/security-advisories
Vendor Advisory
https://typo3.org/security/advisory/typo3-ext-sa-2022-015
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:in2code:femanager:*:*:*:*:*:typo3:*:*

Версия до 5.5.2 (исключая)

cpe:2.3:a:in2code:femanager:*:*:*:*:*:typo3:*:*

Версия от 6.0.0 (включая) до 6.3.3 (исключая)

cpe:2.3:a:in2code:femanager:7.0.0:*:*:*:*:typo3:*:*

EPSS

Процентиль: 45%

0.00228

Низкий

5.3 Medium

CVSS3

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-59m9-p6cm-94q5

CVSS3: 6.5

github

больше 3 лет назад

TYPO3 Extension femanager vulnerable to Broken Access Control