Description
The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrary group memberships.
Remediation
References
Related Vulnerabilities
Perl Numeric Errors Vulnerability (CVE-2011-2939)
Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2011-3192)
WordPress Plugin UpdraftPlus WordPress Backup Cross-Site Scripting (1.16.68)
WordPress Plugin DirectoryPress-Business Directory And Classified Ad Listing SQL Injection (3.6.10)
WordPress Plugin WooCommerce Affiliate-Coupon Affiliates Cross-Site Scripting (4.11.0.1)