{"id":"CVE-2022-44543","details":"The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form). This occurs because the usergroup.inList protection mechanism is mishandled.","aliases":["GHSA-59m9-p6cm-94q5"],"modified":"2026-02-11T13:26:39.889862Z","published":"2023-12-12T17:15:07.663Z","references":[{"type":"ADVISORY","url":"https://typo3.org/help/security-advisories"},{"type":"ADVISORY","url":"https://typo3.org/security/advisory/typo3-ext-sa-2022-015"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/in2code-de/femanager","events":[{"introduced":"0"},{"fixed":"166ea2116d6669b8fde34362ba52d6e30f8231db"},{"introduced":"9a09b57bb3f4b30a8aeafe6da114f81030495bc4"},{"fixed":"cc40e78876647d1e76cfe7d9040d1704515b6003"}]}],"versions":["6.0.0","6.0.1","6.1.0","6.1.1","6.1.2","6.2.0","6.2.1","6.3.0","6.3.1","6.3.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-44543.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}