VulnerableCode Package Details - pkg:composer/in2code/femanager@7.0.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/in2code/femanager@7.0.1

Essentials
History (9)

purl	pkg:composer/in2code/femanager@7.0.1

Next non-vulnerable version	7.5.3
Latest non-vulnerable version	8.3.1
Risk	4.0

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-2wst-vxu9-73ce Aliases: CVE-2023-50459 GHSA-4xp5-hr35-84cx	Broken Access Control in extension "femanager" The extension fails to check access permissions for the edit user component. An authenticated frontend user can use the vulnerability to either edit data of various frontend users or to delete various frontend user accounts. Another missing access check in the backend module of the extensions allows an authenticated backend user to perform various actions (userLogout, confirmUser, refuseUser and resendUserConfirmation) for any frontend user in the system.	7.2.3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 8.0.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-3t7q-cyp5-mqb4 Aliases: CVE-2023-25013 GHSA-mm8v-wmqx-8h2j	An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users.	7.1.0 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-7bek-ysht-hugc Aliases: CVE-2023-45023 GHSA-93j4-v838-8767	TYPO3 extension femanager Broken Access Control vulnerability femanager fails to check access permissions for the invitation component. Depending on the configuration of the plugin, a remote user can create frontend user accounts with access to configured frontend groups.	7.2.2 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 8.0.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-d91a-d2b5-cycq Aliases: CVE-2023-25014 GHSA-3p9x-xxx6-2w4p	An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users.	7.1.0 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vpgv-cr97-kffs Aliases: CVE-2025-7900 GHSA-rc5f-3hfv-jxp2	The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0	7.5.3 Affected by 0 other vulnerabilities. 8.3.1 Affected by 0 other vulnerabilities.
VCID-wumy-ggkp-cugg Aliases: CVE-2025-48202 GHSA-xxwr-wv9g-7jw3	The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference.	7.4.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 8.2.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-3q4b-w6nb-kqbp	TYPO3 Extension femanager vulnerable to Broken Access Control	CVE-2022-44543 GHSA-59m9-p6cm-94q5 GMS-2022-6272

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-14T11:55:06.601221+00:00	GitLab Importer	Fixing	VCID-3q4b-w6nb-kqbp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/in2code/femanager/GMS-2022-6272.yml	38.6.0
2026-06-12T20:07:41.907329+00:00	GitLab Importer	Affected by	VCID-vpgv-cr97-kffs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/in2code/femanager/CVE-2025-7900.yml	38.6.0
2026-06-12T20:02:09.636509+00:00	GitLab Importer	Affected by	VCID-wumy-ggkp-cugg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/in2code/femanager/CVE-2025-48202.yml	38.6.0
2026-06-12T19:13:37.980110+00:00	GitLab Importer	Affected by	VCID-2wst-vxu9-73ce	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/in2code/femanager/CVE-2023-50459.yml	38.6.0
2026-06-12T19:07:23.670610+00:00	GitLab Importer	Affected by	VCID-7bek-ysht-hugc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/in2code/femanager/CVE-2023-45023.yml	38.6.0
2026-06-12T18:45:38.037850+00:00	GitLab Importer	Affected by	VCID-d91a-d2b5-cycq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/in2code/femanager/CVE-2023-25014.yml	38.6.0
2026-06-12T18:45:36.819029+00:00	GitLab Importer	Affected by	VCID-3t7q-cyp5-mqb4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/in2code/femanager/CVE-2023-25013.yml	38.6.0
2026-06-12T08:17:33.522161+00:00	GithubOSV Importer	Fixing	VCID-3q4b-w6nb-kqbp	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-59m9-p6cm-94q5/GHSA-59m9-p6cm-94q5.json	38.6.0
2026-06-11T20:33:08.190899+00:00	GHSA Importer	Fixing	VCID-3q4b-w6nb-kqbp	https://github.com/advisories/GHSA-59m9-p6cm-94q5	38.6.0