Headline
GHSA-mm8v-wmqx-8h2j: Broken Access Control in 3rd party TYPO3 extension "femanager"
A missing access check in the InvitationController
allows an unauthenticated user with a valid invitation link to set the password of all frontend users.
Broken Access Control in 3rd party TYPO3 extension “femanager”
High severity GitHub Reviewed Published Feb 2, 2023 to the GitHub Advisory Database • Updated Feb 8, 2023