CVE-2022-44543

Published: Dec 12, 2023Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form). This occurs because the usergroup.inList protection mechanism is mishandled.

Affected (3)

Products: In2code: Femanager

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
In2code Femanager	Before 5.5.2
In2code Femanager	From 6.0.0 to 6.3.3
In2code Femanager	Version 7.0.0

References (4)

https://typo3.org/help/security-advisories

Source: cve@mitre.org

Vendor Advisory

https://typo3.org/security/advisory/typo3-ext-sa-2022-015

Source: cve@mitre.org

Vendor Advisory

https://typo3.org/help/security-advisories

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://typo3.org/security/advisory/typo3-ext-sa-2022-015

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.