← Zuruck zu CVEs
CVE-2023-25013
HIGH8.6
Beschreibung
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users.
CVE Details
CVSS v3.1 Bewertung8.6
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht2/2/2023
Zuletzt geandert3/26/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
in2code:femanager
Schwachen (CWE)
CWE-306CWE-306
Referenzen
https://typo3.org/help/security-advisories(cve@mitre.org)
https://typo3.org/security/advisory/typo3-ext-sa-2023-001(cve@mitre.org)
https://typo3.org/help/security-advisories(af854a3a-2127-422b-91ae-364da2661108)
https://typo3.org/security/advisory/typo3-ext-sa-2023-001(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.