GHSA-rc5f-3hfv-jxp2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rc5f-3hfv-jxp2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-rc5f-3hfv-jxp2/GHSA-rc5f-3hfv-jxp2.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-rc5f-3hfv-jxp2
- Aliases
-
- CVE-2025-7900
- Published
- 2025-07-22T12:30:43Z
- Modified
- 2025-07-22T15:42:19.274422Z
- Severity
-
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Femanager extension for TYPO3 allows Insecure Direct Object Reference
- Details
-
The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0.
- Database specific
{ "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2025-07-22T14:39:18Z", "nvd_published_at": "2025-07-22T11:15:24Z", "cwe_ids": [ "CWE-639" ] }- References
Affected packages
Packagist / in2code/femanager
Package
- Name
- in2code/femanager
- Purl
- pkg:composer/in2code/femanager
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.4.2
Affected versions
2.*
2.5.0
2.5.1
2.6.0
2.6.1
2.6.2
2.7.0
3.*
3.0.0
3.0.1
3.0.2
3.1.0
3.1.1
3.1.2
3.1.3
3.2.0
3.3.0
4.*
4.0.0
4.0.1
4.0.2
4.1.0
4.1.1
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
5.*
5.0.0
5.1.0
5.1.1
5.2.0
5.3.0
5.3.1
5.4.0
5.4.1
5.4.2
5.5.0
5.5.1
5.5.2
5.5.3
5.5.4
5.5.5
6.*
6.0.0
6.0.1
6.1.0
6.1.1
6.1.2
6.2.0
6.2.1
6.3.0
6.3.1
6.3.2
6.3.3
6.3.4
6.3.5
6.3.6
6.4.0
6.4.1
Packagist / in2code/femanager
Package
- Name
- in2code/femanager
- Purl
- pkg:composer/in2code/femanager
Packagist / in2code/femanager
Package
- Name
- in2code/femanager
- Purl
- pkg:composer/in2code/femanager