Description
The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrary group memberships.
Remediation
References
Related Vulnerabilities
WordPress Plugin Bulk Creator Cross-Site Scripting (1.0.1)
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Scripting (4.2.1)
WordPress Plugin GS Books Showcase Cross-Site Scripting (1.3.0)
MySQL CVE-2015-2641 Vulnerability (CVE-2015-2641)
WordPress Plugin WP Reactions Lite Cross-Site Scripting (1.3.5)