| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| in2code/femanager | composer | < 5.5.3 | 5.5.3 |
| in2code/femanager | composer | >= 6.0.0, < 6.3.4 | 6.3.4 |
| in2code/femanager | composer | >= 7.0.0, < 7.1.0 | 7.1.0 |

The advisory explicitly references a missing access check in the InvitationController. In TYPO3 controllers, action methods such as `updateAction` typically handle form submissions. CWE-306 (Missing Authentication for Critical Function) and the advisory description both point to an unprotected controller action that processes sensitive operations such as password changes. This fits TYPO3's MVC structure, where access checks are normally implemented via annotations or middleware; based on the vulnerability description, those checks appear to be missing here.
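
To check an installation against the version ranges in the table above, the following added example (not part of the advisory or of the femanager project) reads a `composer.lock` and reports whether the locked `in2code/femanager` version is affected. It assumes the standard `composer.lock` layout with `packages` and `packages-dev` arrays; the sample lock content and function names are constructed for illustration.

```python
import json
import re

PACKAGE = "in2code/femanager"
# (inclusive lower bound or None, first patched version), copied from the advisory table
AFFECTED = [
    (None, (5, 5, 3)),
    ((6, 0, 0), (6, 3, 4)),
    ((7, 0, 0), (7, 1, 0)),
]

def parse_version(text):
    """Return (major, minor, patch), or None for dev branches and pre-releases."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def status(version_text):
    """Classify one version string as (verdict, first patched version or None)."""
    v = parse_version(version_text)
    if v is None:
        return ("unknown", None)  # cannot be compared safely: review by hand
    for low, fixed in AFFECTED:
        if (low is None or v >= low) and v < fixed:
            return ("vulnerable", "%d.%d.%d" % fixed)
    return ("not affected", None)

def check_lock(lock_text):
    """Return (section, locked version, verdict, fix) for each femanager entry."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() == PACKAGE:
                version = pkg.get("version", "")
                findings.append((section, version) + status(version))
    return findings

# Constructed sample, not taken from a real project
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "typo3/cms-core", "version": "v11.5.30"},
        {"name": "in2code/femanager", "version": "6.3.3"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for section, version, verdict, fix in check_lock(SAMPLE_LOCK):
        print(section, version, verdict, fix or "")
```

An `unknown` verdict means the locked version is a branch alias or pre-release and has to be compared against the patched releases manually.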