CVE Details
Basic Information
| Title | Insecure Direct Object Reference in extension “femanager” (femanager) |
|---|---|
| Type | cve |
| Published | 2025-07-22T10:21:32.123Z |
| Modified | 2025-07-22T10:21:32.123Z |
Product Information
| Vendor | TYPO3 |
|---|---|
| Product | Extension “femanager” |
| Version | 8.0.0 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Vector String | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
AI Analysis
| AI Description | The femanager extension for TYPO3 has a vulnerability that allows unauthorized modification of user data due to insecure direct object references. This can lead to data tampering by attackers. |
|---|---|
| AI Severity | Medium |
| AI Vendor | TYPO3 Association |
| AI Product | femanager extension |
| AI Version | 6.4.1 and below, 7.0.0 to 7.5.2, 8.0.0 to 8.3.0 |
Affected Products
- TYPO3 Extension “femanager” 8.0.0
- TYPO3 Extension “femanager” 7.0.0
- TYPO3 Extension “femanager” 0
Additional Information
| CWE List | CWE-639 |
|---|---|
| Source | TYPO3 |
Description
The femanager extension for TYPO3 allows an Insecure Direct Object Reference, resulting in unauthorized modification of user data. This issue affects femanager versions 6.4.1 and below, 7.0.0 to 7.5.2, and 8.0.0 to 8.3.0.