Unauthenticated User Deletion Vulnerability in femanager Extension


CVE-2023-25014 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users.
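To check whether a site's installed femanager falls inside the affected ranges above, the following added example (not part of the original advisory or the extension's code) reads a `composer.lock` and compares the locked version against them. The Composer package name `in2code/femanager` and the sample lock contents are assumptions; the advisory gives neither.

```python
import json

# Affected ranges exactly as the advisory states them:
# before 5.5.3, 6.x before 6.3.4, 7.x before 7.1.0.
FIXED_BY_MAJOR = {6: (6, 3, 4), 7: (7, 1, 0)}
FIXED_LEGACY = (5, 5, 3)  # applies to 5.x and anything older

PACKAGE = "in2code/femanager"  # assumption: Composer package name, not in the advisory


def parse_version(raw):
    """Turn '6.3.1', 'v7.0.0' or '5.5.2-dev' into a 3-int tuple; None if not numeric."""
    core = raw.strip().lstrip("vV").split("-")[0].split("+")[0]
    parts = core.split(".")
    if not all(p.isdigit() for p in parts):
        return None  # e.g. 'dev-master' or '6.3.x-dev': cannot be judged from the string
    nums = [int(p) for p in parts[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def is_affected(raw):
    """True/False per the advisory's ranges, None when the version is not comparable."""
    v = parse_version(raw)
    if v is None:
        return None
    if v[0] <= 5:
        return v < FIXED_LEGACY
    fixed = FIXED_BY_MAJOR.get(v[0])
    return fixed is not None and v < fixed


def audit_lock(lock_text):
    """Return (version, affected) for femanager in a composer.lock, or None if absent."""
    lock = json.loads(lock_text)
    for pkg in (lock.get("packages") or []) + (lock.get("packages-dev") or []):
        if pkg.get("name") == PACKAGE:
            version = pkg.get("version", "")
            return version, is_affected(version)
    return None


# Constructed sample lock file (not taken from a real site).
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "typo3/cms-core", "version": "v11.5.20"},
    {"name": PACKAGE, "version": "6.3.1"},
]})

if __name__ == "__main__":
    print(audit_lock(SAMPLE_LOCK))
```

A result of `None` for the affected flag means the lock pins a branch or other non-numeric version, which has to be checked by hand against the fixed releases.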
