VulnerableCode Package Details - pkg:composer/in2code/femanager@7.2.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-2wst-vxu9-73ce Aliases: CVE-2023-50459 GHSA-4xp5-hr35-84cx	Broken Access Control in extension "femanager" The extension fails to check access permissions for the edit user component. An authenticated frontend user can use the vulnerability to either edit data of various frontend users or to delete various frontend user accounts. Another missing access check in the backend module of the extensions allows an authenticated backend user to perform various actions (userLogout, confirmUser, refuseUser and resendUserConfirmation) for any frontend user in the system.	7.2.3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 8.0.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vpgv-cr97-kffs Aliases: CVE-2025-7900 GHSA-rc5f-3hfv-jxp2	The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0	7.5.3 Affected by 0 other vulnerabilities. 8.3.1 Affected by 0 other vulnerabilities.
VCID-wumy-ggkp-cugg Aliases: CVE-2025-48202 GHSA-xxwr-wv9g-7jw3	The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference.	7.4.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 8.2.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-2wst-vxu9-73ce
Aliases:
CVE-2023-50459
GHSA-4xp5-hr35-84cx

Broken Access Control in extension "femanager" The extension fails to check access permissions for the edit user component. An authenticated frontend user can use the vulnerability to either edit data of various frontend users or to delete various frontend user accounts. Another missing access check in the backend module of the extensions allows an authenticated backend user to perform various actions (userLogout, confirmUser, refuseUser and resendUserConfirmation) for any frontend user in the system.

7.2.3
Affected by 2 other vulnerabilities.

8.0.0
Affected by 2 other vulnerabilities.

VCID-vpgv-cr97-kffs
Aliases:
CVE-2025-7900
GHSA-rc5f-3hfv-jxp2

The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0

7.5.3
Affected by 0 other vulnerabilities.

8.3.1
Affected by 0 other vulnerabilities.

VCID-wumy-ggkp-cugg
Aliases:
CVE-2025-48202
GHSA-xxwr-wv9g-7jw3

The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference.

7.4.2
Affected by 1 other vulnerability.

8.2.2
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-7bek-ysht-hugc	TYPO3 extension femanager Broken Access Control vulnerability femanager fails to check access permissions for the invitation component. Depending on the configuration of the plugin, a remote user can create frontend user accounts with access to configured frontend groups.	CVE-2023-45023 GHSA-93j4-v838-8767

Vulnerability

Summary

Aliases

VCID-7bek-ysht-hugc

TYPO3 extension femanager Broken Access Control vulnerability femanager fails to check access permissions for the invitation component. Depending on the configuration of the plugin, a remote user can create frontend user accounts with access to configured frontend groups.

CVE-2023-45023
GHSA-93j4-v838-8767

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-13T06:27:02.592490+00:00	GHSA Importer	Fixing	VCID-7bek-ysht-hugc	https://github.com/advisories/GHSA-93j4-v838-8767	38.6.0
2026-06-12T20:07:41.926982+00:00	GitLab Importer	Affected by	VCID-vpgv-cr97-kffs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/in2code/femanager/CVE-2025-7900.yml	38.6.0
2026-06-12T20:02:09.655665+00:00	GitLab Importer	Affected by	VCID-wumy-ggkp-cugg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/in2code/femanager/CVE-2025-48202.yml	38.6.0
2026-06-12T19:13:38.002561+00:00	GitLab Importer	Affected by	VCID-2wst-vxu9-73ce	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/in2code/femanager/CVE-2023-50459.yml	38.6.0
2026-06-12T15:47:07.483208+00:00	GitLab Importer	Fixing	VCID-7bek-ysht-hugc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/in2code/femanager/CVE-2023-45023.yml	38.6.0
2026-06-12T07:56:32.084483+00:00	GithubOSV Importer	Fixing	VCID-7bek-ysht-hugc	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-93j4-v838-8767/GHSA-93j4-v838-8767.json	38.6.0