Lucene search

[email protected]CVE-2009-1264

HistoryOct 03, 2022 - 4:23 p.m.

CVE-2009-1264

2022-10-0316:23:59

CWE-264

[email protected]

web.nvd.nist.gov

cve-2009-1264

typo3

frontend user registration

sr_feuser_register

information security

access rights

passwords

remote attack

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.2%

JSON

Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors.

Affected configurations

NVD

Node

typo3typo3

AND

stanislas_rollandsr_feuser_registerRange≤2.5.20

stanislas_rollandsr_feuser_registerMatch1.4

stanislas_rollandsr_feuser_registerMatch1.6

stanislas_rollandsr_feuser_registerMatch2.2.1

stanislas_rollandsr_feuser_registerMatch2.2.7

stanislas_rollandsr_feuser_registerMatch2.2.8

stanislas_rollandsr_feuser_registerMatch2.3

stanislas_rollandsr_feuser_registerMatch2.3.6

stanislas_rollandsr_feuser_registerMatch2.4

stanislas_rollandsr_feuser_registerMatch2.5

stanislas_rollandsr_feuser_registerMatch2.5.10

CPENameOperatorVersion
stanislas_rolland:sr_feuser_registerstanislas rolland sr feuser registerle2.5.20
stanislas_rolland:sr_feuser_registerstanislas rolland sr feuser registereq1.4
stanislas_rolland:sr_feuser_registerstanislas rolland sr feuser registereq1.6
stanislas_rolland:sr_feuser_registerstanislas rolland sr feuser registereq2.2.1
stanislas_rolland:sr_feuser_registerstanislas rolland sr feuser registereq2.2.7
stanislas_rolland:sr_feuser_registerstanislas rolland sr feuser registereq2.2.8
stanislas_rolland:sr_feuser_registerstanislas rolland sr feuser registereq2.3
stanislas_rolland:sr_feuser_registerstanislas rolland sr feuser registereq2.3.6
stanislas_rolland:sr_feuser_registerstanislas rolland sr feuser registereq2.4
stanislas_rolland:sr_feuser_registerstanislas rolland sr feuser registereq2.5

CPE	Name	Operator	Version
stanislas_rolland:sr_feuser_register	stanislas rolland sr feuser register	le	2.5.20
stanislas_rolland:sr_feuser_register	stanislas rolland sr feuser register	eq	1.4
stanislas_rolland:sr_feuser_register	stanislas rolland sr feuser register	eq	1.6
stanislas_rolland:sr_feuser_register	stanislas rolland sr feuser register	eq	2.2.1
stanislas_rolland:sr_feuser_register	stanislas rolland sr feuser register	eq	2.2.7
stanislas_rolland:sr_feuser_register	stanislas rolland sr feuser register	eq	2.2.8
stanislas_rolland:sr_feuser_register	stanislas rolland sr feuser register	eq	2.3
stanislas_rolland:sr_feuser_register	stanislas rolland sr feuser register	eq	2.3.6
stanislas_rolland:sr_feuser_register	stanislas rolland sr feuser register	eq	2.4
stanislas_rolland:sr_feuser_register	stanislas rolland sr feuser register	eq	2.5

Rows per page:

1-10 of 111

References

osvdb.org/53278

secunia.com/advisories/34586

typo3.org/extensions/repository/view/sr_feuser_register/2.5.21/

typo3.org/teams/security/security-bulletins/typo3-sa-2009-004/

www.securityfocus.com/bid/34374

www.vupen.com/english/advisories/2009/0938

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.2%

JSON

Related for CVE-2009-1264

prion1 cvelist1 nvd1