CVE-2020-25026

The sf_event_mgt (aka Event management and registration) extension before 4.3.1 and 5.x before 5.1.1 for TYPO3 allows Information Disclosure (participant data, and event data via email) because of Broken Access Control.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:derhansen:event_management_and_registration:*:*:*:*:*:typo3:*:*
cpe:2.3:a:derhansen:event_management_and_registration:*:*:*:*:*:typo3:*:*

History

21 Nov 2024, 05:16

Type Values Removed Values Added
References () https://typo3.org/help/security-advisories - Vendor Advisory () https://typo3.org/help/security-advisories - Vendor Advisory
References () https://typo3.org/security/advisory/typo3-ext-sa-2020-017 - Vendor Advisory () https://typo3.org/security/advisory/typo3-ext-sa-2020-017 - Vendor Advisory

Information

Published : 2020-09-02 17:15

Updated : 2024-11-21 05:16


NVD link : CVE-2020-25026

Mitre link : CVE-2020-25026

CVE.ORG link : CVE-2020-25026


JSON object : View

Products Affected

derhansen

  • event_management_and_registration