Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/34374 | Patch |
http://secunia.com/advisories/34586 | Vendor Advisory |
http://typo3.org/extensions/repository/view/sr_feuser_register/2.5.21/ | Patch Vendor Advisory |
http://osvdb.org/53278 | |
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-004/ | Patch Vendor Advisory |
http://www.vupen.com/english/advisories/2009/0938 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2009-04-07 16:30
Updated : 2009-04-07 21:00
NVD link : CVE-2009-1264
Mitre link : CVE-2009-1264
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
stanislas_rolland
- sr_feuser_register
typo3
- typo3