Vulnerability Database

300,990

Total vulnerabilities in the database

CVE-2023-45023

femanager fails to check access permissions for the invitation component. Depending on the configuration of the plugin, a remote user can create frontend user accounts with access to configured frontend groups.

Published: Oct 4, 2023
Updated: Oct 5, 2023
CVE: CVE-2023-45023
GHSA: GHSA-93j4-v838-8767
Severity: Medium
Exploit:

No technical information available.

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
in2code / femanager	7.0.0	7.2.2

https://github.com/FriendsOfPHP/security-advisories/blob/master/in2code/femanager/CVE-2023-45023.yaml
https://github.com/in2code-de/femanager/commit/cc5f2893613a6b3fd2677c457574ab587a0862ca
https://github.com/in2code-de/femanager/releases/tag/7.2.2
https://typo3.org/security/advisory/typo3-ext-sa-2023-008

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo