TYPO3 sr_feuser_register Extension Insecure Direct Object Reference Vulnerability
Vulnerability
An Insecure Direct Object Reference (IDOR) vulnerability has been identified in the TYPO3 sr_feuser_register extension, affecting versions 5.1.0 through 12.4.8. The extension does not properly validate file identifiers before allowing downloads, enabling unauthorized access to arbitrary files.
Impact
Exploitation of this vulnerability could lead to unauthorized file disclosure and download, allowing attackers to access sensitive information or files they should not be permitted to access.
Remediation
Users of the sr_feuser_register extension are advised to update to version 12.5.0, available through the TYPO3 extension manager, Packagist, or the TYPO3 Extensions Repository.
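To confirm whether an installation falls inside the affected range before and after updating, the following added example (not code from the extension or from this advisory) reads the installed version from either `composer.lock` or the extension's `ext_emconf.php` and classifies it. The Composer package name, the function names and the sample inputs are assumptions constructed for illustration.

```python
import json
import re

# Affected range and fixed release as stated in the advisory above.
FIRST_AFFECTED = (5, 1, 0)
LAST_AFFECTED = (12, 4, 8)
FIXED = "12.5.0"
# Assumption: Composer package name; confirm it against your composer.json.
COMPOSER_NAME = "sjbr/sr-feuser-register"

def parse_version(text):
    """Return (major, minor, patch), or None for strings such as dev-main."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version_text):
    """Map a version string to 'affected', 'not affected' or 'unknown'."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # branch aliases need manual review
    return "affected" if FIRST_AFFECTED <= v <= LAST_AFFECTED else "not affected"

def version_from_composer_lock(lock_text):
    """Composer mode: return the locked version of the extension, if present."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name", "").lower() == COMPOSER_NAME:
            return pkg.get("version")
    return None

def version_from_emconf(php_text):
    """Classic mode: read 'version' => 'x.y.z' from ext_emconf.php."""
    m = re.search(r"""['"]version['"]\s*=>\s*['"]([^'"]+)['"]""", php_text)
    return m.group(1) if m else None

# Constructed sample inputs, not taken from a real installation.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "typo3/cms-core", "version": "v12.4.10"},
    {"name": COMPOSER_NAME, "version": "12.4.8"},
]})
SAMPLE_EMCONF = "$EM_CONF[$_EXTKEY] = ['title' => 'x', 'version' => '12.5.0'];"

if __name__ == "__main__":
    checks = (("composer.lock", version_from_composer_lock(SAMPLE_LOCK)),
              ("ext_emconf.php", version_from_emconf(SAMPLE_EMCONF)))
    for source, found in checks:
        status = classify(found) if found else "not installed"
        print(f"sr_feuser_register via {source}: {found} -> {status} (fixed in {FIXED})")
```

Replace the sample strings with the contents of the real files; a result of "unknown" means the lock file pins a branch rather than a tagged release and needs manual review.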
