Vulnerability Database

300,990

Total vulnerabilities in the database

CVE-2023-25013

An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users.

Published: Feb 2, 2023
Updated: May 9, 2024
CVE: CVE-2023-25013
GHSA: GHSA-mm8v-wmqx-8h2j
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWEs:

CWE-306

Affected Software
References

Software	From	Fixed in
in2code / femanager	7.0.0	7.1.0
in2code / femanager	6.0.0	6.3.4
in2code / femanager	-	5.5.3
in2code / femanager	-	5.5.3
in2code / femanager	6.0.0	6.3.4
in2code / femanager	7.0.0	7.1.0

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo