Improper access control in femanager - CVE-2022-44543
Published: November 7, 2022
femanager
Detailed vulnerability description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the "usergroup.inList". A remote attacker can bypass implemented security restrictions and add new frontend users created by the extension into groups that are restricted