Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1yYzVmLTNoZnYtanhwMs4ABKaP

Moderate CVSS: 5.3 EPSS: 0.00043% (0.12338 Percentile) EPSS:
Permalink JSON

Femanager extension for TYPO3 allows Insecure Direct Object Reference

Affected Packages Affected Versions Fixed Versions
packagist:in2code/femanager >= 8.0.0, < 8.3.1, >= 7.0.0, < 7.5.3, < 6.4.2 8.3.1, 7.5.3, 6.4.2
5 Dependent packages
8 Dependent repositories
645,216 Downloads total

Affected Version Ranges

All affected versions

2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.3.0, 4.0.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 5.0.0, 5.1.0, 5.1.1, 5.2.0, 5.3.0, 5.3.1, 5.4.0, 5.4.1, 5.4.2, 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 6.0.0, 6.0.1, 6.1.0, 6.1.1, 6.1.2, 6.2.0, 6.2.1, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.4.0, 6.4.1, 7.0.0, 7.0.1, 7.1.0, 7.1.1, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.3.0, 7.4.0, 7.4.1, 7.4.2, 7.5.0, 7.5.1, 7.5.2, 8.0.0, 8.0.1, 8.1.0, 8.2.0, 8.2.1, 8.2.2, 8.3.0

All unaffected versions

6.4.2

The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0.

References:

Identifiers

GHSA-rc5f-3hfv-jxp2

CVE-2025-7900

Risk

Severity

Moderate

CVSS

CVSS Score: 5.3

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.00043

EPSS Percentile: 0.12338

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/in2code-de/femanager

Date and time

Published

7 days ago

Updated

7 days ago

API

JSON