The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form). This occurs because the usergroup.inList protection mechanism is mishandled.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| in2code/femanager(Packagist) | 7.0.0 | 7.0.1 | N/A |
| in2code/femanager(Packagist) | 6.0.0 | 6.3.3 | N/A |
| in2code/femanager(Packagist) | 0 | 5.5.2 | N/A |
CVSS Metrics
