CVE-2022-44543
The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form). This occurs because the usergroup.inList protection mechanism is mishandled.
| Software | From | Fixed in |
|---|---|---|
in2code / femanager
|
7.0.0 | 7.0.1 |
|
in2code / femanager
|
6.0.0 | 6.3.3 |
|
in2code / femanager
|
- | 5.5.2 |
| in2code / femanager | 7.0.0 | 7.0.0.x |
| in2code / femanager | 6.0.0 | 6.3.3 |
| in2code / femanager | - | 5.5.2 |
- https://github.com/FriendsOfPHP/security-advisories/blob/master/in2code/femanager/CVE-2022-44543.yaml
- https://github.com/in2code-de/femanager/commit/827edbc767b1cb6c0cb77d82e46b88fea3b22ad9
- https://github.com/in2code-de/femanager/releases/tag/5.5.2
- https://github.com/in2code-de/femanager/releases/tag/6.3.3
- https://github.com/in2code-de/femanager/releases/tag/7.0.1
- https://typo3.org/help/security-advisories
- https://typo3.org/security/advisory/typo3-ext-sa-2022-015
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime