In2code: >> Femanager >> 5.5.2 Security Vulnerabilities
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users.
CVSS Score
8.6
EPSS Score
0.001
Published
2023-02-02
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users.
CVSS Score
8.6
EPSS Score
0.001
Published
2023-02-02