Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/in2code/femanager@7.0.0
purl pkg:composer/in2code/femanager@7.0.0
Next non-vulnerable version 7.1.0
Latest non-vulnerable version 7.2.3
Risk
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-mp37-6ntu-zkbt
Aliases:
CVE-2023-45023
GHSA-93j4-v838-8767
TYPO3 extension femanager Broken Access Control vulnerability femanager fails to check access permissions for the invitation component. Depending on the configuration of the plugin, a remote user can create frontend user accounts with access to configured frontend groups.
7.2.2
Affected by 0 other vulnerabilities.
VCID-ms2h-k8ts-zfhf
Aliases:
CVE-2023-25014
GHSA-3p9x-xxx6-2w4p
Broken Access Control in 3rd party TYPO3 extension "femanager" An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users.
7.1.0
Affected by 0 other vulnerabilities.
VCID-xppr-vgfx-p3hy
Aliases:
CVE-2023-25013
GHSA-mm8v-wmqx-8h2j
Broken Access Control in 3rd party TYPO3 extension "femanager" An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users.
7.1.0
Affected by 0 other vulnerabilities.
VCID-za9q-3m4u-b7gx
Aliases:
CVE-2023-50459
GHSA-4xp5-hr35-84cx
Broken Access Control in extension "femanager" The extension fails to check access permissions for the edit user component. An authenticated frontend user can use the vulnerability to either edit data of various frontend users or to delete various frontend user accounts. Another missing access check in the backend module of the extensions allows an authenticated backend user to perform various actions (userLogout, confirmUser, refuseUser and resendUserConfirmation) for any frontend user in the system.
7.2.3
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:46:35.710352+00:00 GitLab Importer Affected by VCID-za9q-3m4u-b7gx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/in2code/femanager/CVE-2023-50459.yml 38.6.0
2026-06-02T04:45:55.343134+00:00 GitLab Importer Affected by VCID-mp37-6ntu-zkbt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/in2code/femanager/CVE-2023-45023.yml 38.6.0
2026-06-02T04:43:56.002477+00:00 GitLab Importer Affected by VCID-ms2h-k8ts-zfhf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/in2code/femanager/CVE-2023-25014.yml 38.6.0
2026-06-02T04:43:55.825726+00:00 GitLab Importer Affected by VCID-xppr-vgfx-p3hy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/in2code/femanager/CVE-2023-25013.yml 38.6.0