VYPR

Femanager

by Aimeos

CVEs (1)

  • CVE-2023-50459medDec 13, 2023
    risk 0.26cvss epss 0.00

    The extension fails to check access permissions for the edit user component. An authenticated frontend user can use the vulnerability to either edit data of various frontend users or to delete various frontend user accounts. Another missing access check in the backend module of…