TYPO3 Modules Extension Improper Authentication Vulnerability
Vulnerability
A broken authentication vulnerability exists in the TYPO3 extension 'Modules' (codingms/modules), affecting versions prior to 4.3.11, 5.0.0 through 5.7.3, 6.0.0 through 6.4.1, and 7.0.0 through 7.5.4. The vulnerability allows authenticated backend users to log in as frontend users by bypassing access checks, particularly when the extension setting 'module.frontendUser.allowNonAdminUsersToLoginAsFrontendUser' is enabled.
Impact
Exploitation of this vulnerability allows for unauthorized login as a frontend user, potentially leading to unauthorized access to user-specific functionalities or data.
Remediation
Users are advised to update the 'Modules' extension to version 4.3.11, 5.7.4, 6.4.2, or 7.5.5, available through the TYPO3 extension manager, Packagist, or directly from the TYPO3 extensions repository.
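To confirm whether a Composer-based installation is on one of the affected releases, the following added example (not part of the advisory or of the extension's own code) reads a `composer.lock` and compares the locked `codingms/modules` version against the ranges listed above. It assumes the site is managed with Composer; the sample lock content and function names are constructed for illustration.

```python
import json

PACKAGE = "codingms/modules"  # Composer package name from the advisory

# (first affected, first fixed) per release line, taken from the advisory.
# "prior to 4.3.11" is modelled as every version from 0.0.0 upward.
AFFECTED = [
    ((0, 0, 0), (4, 3, 11)),
    ((5, 0, 0), (5, 7, 4)),
    ((6, 0, 0), (6, 4, 2)),
    ((7, 0, 0), (7, 5, 5)),
]


def parse_version(text):
    """Return (major, minor, patch) for '6.4.1' or 'v6.4.1', else None."""
    parts = text.lstrip("vV").split(".")
    if len(parts) > 3 or not all(p.isdigit() for p in parts):
        return None  # dev branches and pre-releases need manual review
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))


def check_lock(lock_text):
    """Classify a composer.lock: returns (status, installed, fixed_version)."""
    lock = json.loads(lock_text)
    entries = lock.get("packages", []) + lock.get("packages-dev", [])
    for entry in entries:
        if entry.get("name", "").lower() != PACKAGE:
            continue
        installed = entry.get("version", "")
        version = parse_version(installed)
        if version is None:
            return ("unknown", installed, None)
        for first_affected, fixed in AFFECTED:
            if first_affected <= version < fixed:
                return ("affected", installed, ".".join(map(str, fixed)))
        return ("not-affected", installed, None)
    return ("absent", None, None)


# Constructed sample lock file (not taken from a real installation).
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "example/other-package", "version": "1.0.0"},
    {"name": "codingms/modules", "version": "6.4.1"},
]})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))  # ('affected', '6.4.1', '6.4.2')
```

A status of `unknown` means the locked version is a branch alias or pre-release that cannot be compared numerically and should be checked by hand.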
