CVE-2014-6292 – in2code/femanager

Package

Manager: composer
Name: in2code/femanager
Vulnerable Version: >=0 <1.0.9

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

EPSS: 0.0035 pctl0.56778

Details

TYPO3 femanager extension allows remote frontend users to modify or delete records of other frontend users The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified vectors.

Metadata

Created: 2022-05-13T01:04:01Z
Modified: 2025-04-14T17:03:08Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-377v-8637-6vq6/GHSA-377v-8637-6vq6.json
CWE IDs: ["CWE-862"]
Alternative ID: GHSA-377v-8637-6vq6
Finding: F039
Auto approve: 1