cbcvebase.
CVE-2022-47406
published 2022-12-14

CVE-2022-47406: An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension…

PriorityP342critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.44%
35.2th percentile
An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.

Affected

6 ranges
VendorProductVersion rangeFixed in
change_password_for_frontend_users_projectchange_password_for_frontend_users< 2.0.52.0.5
change_password_for_frontend_users_projectchange_password_for_frontend_users>= 3.0.0 < 3.0.33.0.3
derhansenfe_change_pwd>= 0 < 2.0.52.0.5
derhansenfe_change_pwd>= 3.0.0 < 3.0.33.0.3
typo3cms>= 0 < 2.0.52.0.5
typo3cms>= 3.0.0 < 3.0.33.0.3
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.