TYPO3 Femanager Extension Insecure Direct Object Reference Vulnerability

Vulnerability

An Insecure Direct Object Reference (IDOR) vulnerability has been identified in the TYPO3 femanager extension, affecting versions 6.4.1 and prior, 7.0.0 to 7.5.2, and 8.0.0 to 8.3.0. It allows authenticated frontend users with access to the 'Edit' plugin to modify other users' records without authorization. The issue arises because the extension improperly handles user data: a manipulated identity parameter submitted with the edit request is logged and persisted, so user information is altered without the owner's authorization.
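The following PHP snippet is an added illustration, not femanager's code, of the general pattern the advisory describes: an edit action that selects the record to update from a client-supplied identity parameter beside a hardened version that binds the update to the authenticated session. The class names, the `uid` request key and the in-memory repository are all constructed for this example.

```php
<?php
declare(strict_types=1);

// Hypothetical illustration (not the femanager extension's own code) of an
// IDOR in a frontend "edit my profile" action, and of the ownership check
// that closes it.

final class FrontendUser
{
    public function __construct(public int $uid, public string $email) {}
}

// Constructed in-memory stand-in for the fe_users table.
final class UserRepository
{
    /** @var array<int, FrontendUser> */
    private array $rows = [];

    public function __construct(FrontendUser ...$users)
    {
        foreach ($users as $user) {
            $this->rows[$user->uid] = $user;
        }
    }

    public function find(int $uid): ?FrontendUser
    {
        return $this->rows[$uid] ?? null;
    }

    public function save(FrontendUser $user): void
    {
        $this->rows[$user->uid] = $user;
    }
}

// VULNERABLE pattern: the record to update is chosen by a request parameter,
// so any logged-in user can submit another account's uid and overwrite it.
function updateActionVulnerable(UserRepository $repo, array $request): bool
{
    $target = $repo->find((int) $request['user']['uid']);
    if ($target === null) {
        return false;
    }
    $target->email = (string) $request['user']['email'];
    $repo->save($target);
    return true;
}

// HARDENED pattern: the record identity comes from the authenticated session.
// A submitted uid that does not match is treated as a tampering attempt:
// it is logged and the request is refused, not silently corrected.
function updateActionHardened(UserRepository $repo, int $sessionUid, array $request): bool
{
    $submittedUid = isset($request['user']['uid']) ? (int) $request['user']['uid'] : $sessionUid;
    if ($submittedUid !== $sessionUid) {
        error_log(sprintf('Rejected edit: session uid %d submitted uid %d', $sessionUid, $submittedUid));
        return false;
    }
    $target = $repo->find($sessionUid);
    if ($target === null) {
        return false;
    }
    $target->email = (string) $request['user']['email'];
    $repo->save($target);
    return true;
}

// Constructed scenario: user 1 is logged in and submits a form carrying uid 2.
$repo = new UserRepository(new FrontendUser(1, 'one@example.test'), new FrontendUser(2, 'two@example.test'));
$tampered = ['user' => ['uid' => 2, 'email' => 'attacker@example.test']];

updateActionVulnerable($repo, $tampered);
echo 'vulnerable: user 2 email is now ', $repo->find(2)->email, PHP_EOL;

$repo = new UserRepository(new FrontendUser(1, 'one@example.test'), new FrontendUser(2, 'two@example.test'));
$accepted = updateActionHardened($repo, 1, $tampered);
echo 'hardened: request accepted=', var_export($accepted, true), ', user 2 email is still ', $repo->find(2)->email, PHP_EOL;
```

In a real TYPO3 frontend plugin the session uid would be read from the frontend user aspect of the Context API rather than passed in as an argument; the point of the hardened function is only that the identity of the record being written is never taken from the request. The rejected-request log line is the kind of signal worth alerting on when reviewing logs for exploitation attempts against the unpatched versions.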

Impact

Exploitation of this vulnerability allows for unauthorized modification of user data within the TYPO3 femanager extension.

Remediation

Users are advised to update to femanager versions 6.4.2, 7.5.3, or 8.3.1, available through the TYPO3 extension manager, Packagist, or by downloading the ZIP files for these versions from the TYPO3 extensions repository.

Added: Jul 22, 2025, 11:17 AM
Updated: Jul 22, 2025, 1:13 PM

Vulnerability Rating

Custom Algorithm
spread: 2.2
impact: 0.6
exploitability: 5.0
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.