CVE-2023-25013

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-25013

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-25013.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-25013

Aliases

GHSA-mm8v-wmqx-8h2j

Published

2023-02-02T01:15:08.600Z

Modified

2026-03-13T07:29:18.530850Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users.

References

Affected packages

Git / github.com/in2code-de/femanager

Affected ranges

Type

GIT

Repo

https://github.com/in2code-de/femanager

Events

Introduced

Fixed

74a23c5f98f3c843f4ff657ed6cf75b6d8c5bdee

Introduced

9a09b57bb3f4b30a8aeafe6da114f81030495bc4

Fixed

83565c7ba1cd89672a2066141a4dce2298c7a093

Introduced

15223fcc5ef859785b8648980e2dfaf9ac6b4b7c

Fixed

1162f31b10ab052a7325ed1041eea4c5b12e0cb0

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.5.3"
        },
        {
            "introduced": "6.0.0"
        },
        {
            "fixed": "6.3.4"
        },
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.1.0"
        }
    ]
}

Affected versions

6.*

6.0.0

6.0.1

6.1.0

6.1.1

6.1.2

6.2.0

6.2.1

6.3.0

6.3.1

6.3.2

6.3.3

7.*

7.0.0

7.0.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-25013.json"