Description

The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrary group memberships.

Remediation

References

CVE-2010-3716

Related Vulnerabilities

ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-7366)

Magento Violation of Secure Design Principles Vulnerability (CVE-2021-28583)

WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors SQL Injection (2.0.2)

Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-8264)

Coppermine Cross-site Scripting (XSS) Vulnerability (CVE-2015-3921)

Severity

Medium

Classification

CVE-2010-3716 CWE-20

Tags

Missing Update Known Vulnerabilities