An issue exists in the femanager extension prior to 5.5.3, 6.x prior to 6.3.4, and 7.x prior to 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
in2code femanager |