Vulnerability Details : CVE-2014-6292
The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2014-6292
Probability of exploitation activity in the next 30 days: 0.17%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 52 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-6292
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:P |
10.0
|
4.9
|
NIST |
References for CVE-2014-6292
-
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/
Several vulnerabilities in third party extensionsPatch;Vendor Advisory
-
http://typo3.org/extensions/repository/view/femanager
femanager (femanager)Patch
Products affected by CVE-2014-6292
- cpe:2.3:a:in2code:femanager:*:*:*:*:*:typo3:*:*
- cpe:2.3:a:in2code:femanager:1.0.3:*:*:*:*:typo3:*:*
- cpe:2.3:a:in2code:femanager:1.0.2:*:*:*:*:typo3:*:*
- cpe:2.3:a:in2code:femanager:1.0.1:*:*:*:*:typo3:*:*
- cpe:2.3:a:in2code:femanager:1.0.0:*:*:*:*:typo3:*:*
- cpe:2.3:a:in2code:femanager:1.0.7:*:*:*:*:typo3:*:*
- cpe:2.3:a:in2code:femanager:1.0.5:*:*:*:*:typo3:*:*
- cpe:2.3:a:in2code:femanager:1.0.6:*:*:*:*:typo3:*:*
- cpe:2.3:a:in2code:femanager:1.0.4:*:*:*:*:typo3:*:*