CVE-2014-6292
Description
In TYPO3 extension femanager before 1.0.9, a logged-in frontend user can modify or delete other frontend users' records due to missing access rights checks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The TYPO3 extension femanager versions 1.0.8 and below fail to properly check access rights, allowing a logged-in frontend user to modify or delete records belonging to other frontend users [1][2]. The vulnerability is classified as privilege escalation with a severity of High [1][2].
Exploitation
An attacker must be authenticated as a frontend user; from there, the missing access check allows manipulation of other users' records [1][2]. The references do not fully specify the exact vector, but the vulnerability is reachable from the frontend without administrative privileges [1][2].
Impact
Successful exploitation allows the attacker to modify or delete user records of other frontend users [1][2]. This can lead to unauthorized changes to user data, potentially causing loss of data integrity and confidentiality for affected users. The attacker does not gain full administrative control but can impact other users' data [1][2].
Mitigation
The vulnerability is fixed in femanager version 1.0.9, which was released on February 12, 2014, as part of the TYPO3 extension security bulletin [1][2]. Users of affected versions (1.0.8 and below) should update to 1.0.9 or later. No workaround is described. The extension author provided the fix in a timely manner [1][2].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| in2code/femanager (Packagist) | < 1.0.9 | 1.0.9 |
Affected products: 1
Patches: 0
No patches discovered yet.
References
- typo3.org/extensions/repository/view/femanager (nvd; Patch, Web)
- typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/ (nvd; Patch, Vendor Advisory)
- github.com/advisories/GHSA-377v-8637-6vq6 (ghsa; Advisory)
- nvd.nist.gov/vuln/detail/CVE-2014-6292 (ghsa; Advisory)
- typo3.org/security/advisory/typo3-ext-sa-2014-002 (ghsa; Web)