Home > Vulnerability Database > CVE-2023-50459

Mend.io Vulnerability Database

CVE-2023-50459

Date: August 19, 2025

The extension fails to check access permissions for the edit user component. An authenticated frontend user can use the vulnerability to either edit data of various frontend users or to delete various frontend user accounts.\n\nAnother missing access check in the backend module of the extensions allows an authenticated backend user to perform various actions (userLogout, confirmUser, refuseUser and resendUserConfirmation) for any frontend user in the system.

Language: PHP

Severity Score

5.4

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-50459

Url: https://github.com/FriendsOfPHP/security-advisories/blob/master/in2code/femanager/CVE-2023-50459.yaml

Url: https://typo3.org/security/advisory/typo3-ext-sa-2023-010

Url: https://www.mend.io/vulnerability-database/CVE-2023-50459

Severity Score

5.4

Weakness Type (CWE)

Improper Access Control

CWE-284

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-50459

Date: August 19, 2025

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?