The sf_event_mgt (aka Event management and registration) extension before 4.3.1 and 5.x before 5.1.1 for TYPO3 allows Information Disclosure (participant data, and event data via email) because of Broken Access Control.
References
Link | Resource |
---|---|
https://typo3.org/help/security-advisories | Vendor Advisory |
https://typo3.org/security/advisory/typo3-ext-sa-2020-017 | Vendor Advisory |
https://typo3.org/help/security-advisories | Vendor Advisory |
https://typo3.org/security/advisory/typo3-ext-sa-2020-017 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:16
Type | Values Removed | Values Added |
---|---|---|
References | () https://typo3.org/help/security-advisories - Vendor Advisory | |
References | () https://typo3.org/security/advisory/typo3-ext-sa-2020-017 - Vendor Advisory |
Information
Published : 2020-09-02 17:15
Updated : 2024-11-21 05:16
NVD link : CVE-2020-25026
Mitre link : CVE-2020-25026
CVE.ORG link : CVE-2020-25026
JSON object : View
Products Affected
derhansen
- event_management_and_registration
CWE