Description

The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrary group memberships.

Remediation

References

CVE-2010-3716

Related Vulnerabilities

PHP Numeric Errors Vulnerability (CVE-2011-1466)

Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-11589)

WordPress Plugin Two Factor Authentication Cross-Site Request Forgery (1.3.12)

Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4907)

WordPress Plugin WP-Recall-Registration, Profile, Commerce & More SQL Injection (16.26.5)

Severity

Medium

Classification

CVE-2010-3716 CWE-20

Tags

Missing Update Known Vulnerabilities