Unauthenticated User Password Manipulation in TYPO3 femanager Extension

CVE-2023-25013 · HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users.
