The Front End User Registration extension for TYPO3 (sr_feuser_register) Remote Code Execution
The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution via unsafe deserialization.
The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution via unsafe deserialization.
The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference. This allows attackers to read arbitrary files.
The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature.
Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors.