Description
The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrary group memberships.
Remediation
References
Related Vulnerabilities
Dotclear Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-5083)
Drupal Incorrect Authorization Vulnerability (CVE-2011-2726)
WordPress Plugin open-flash-chart-core Remote Code Execution (0.4)
WordPress Plugin Controlled Admin Access Security Bypass (1.4.0)
Atlassian Jira CVE-2021-26081 Vulnerability (CVE-2021-26081)