Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS14eHdyLXd2OWctN2p3M84ABIMo

Moderate EPSS: 0.0004% (0.11479 Percentile) EPSS:
Permalink JSON

The femanager TYPO3 extension allows Insecure Direct Object Reference

Affected Packages Affected Versions Fixed Versions
packagist:in2code/femanager >= 5.5.0, < 5.5.5, >= 6.0.0, < 6.4.1, >= 7.0.0, < 7.4.2, >= 8.0.0, < 8.2.2 5.5.5, 6.4.1, 7.4.2, 8.2.2
5 Dependent packages
8 Dependent repositories
645,216 Downloads total

Affected Version Ranges

All affected versions

5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 6.0.0, 6.0.1, 6.1.0, 6.1.1, 6.1.2, 6.2.0, 6.2.1, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.4.0, 7.0.0, 7.0.1, 7.1.0, 7.1.1, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.3.0, 7.4.0, 7.4.1, 8.0.0, 8.0.1, 8.1.0, 8.2.0, 8.2.1

All unaffected versions

2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.3.0, 4.0.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 5.0.0, 5.1.0, 5.1.1, 5.2.0, 5.3.0, 5.3.1, 5.4.0, 5.4.1, 5.4.2, 5.5.5, 6.4.1, 6.4.2, 7.4.2, 7.5.0, 7.5.1, 7.5.2, 8.2.2, 8.3.0

Insecure Direct Object Reference (IDOR) in the femanager TYPO3 extension allows attackers to view frontend user data via a user parameter in the newAction of the newController.

References:

Identifiers

GHSA-xxwr-wv9g-7jw3

CVE-2025-48202

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.0004

EPSS Percentile: 0.11479

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/in2code-de/femanager

Date and time

Published

2 months ago

Updated

2 months ago

API

JSON