CVE-2020-25026

Published: Sep 2, 2020Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The sf_event_mgt (aka Event management and registration) extension before 4.3.1 and 5.x before 5.1.1 for TYPO3 allows Information Disclosure (participant data, and event data via email) because of Broken Access Control.

Affected (2)

Products: Derhansen: Event Management And Registration

Derhansen

1 product

Event Management And Registration

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Derhansen Event Management And Registration	Before 4.3.1
Derhansen Event Management And Registration	From 5.0.0 to 5.1.1

References (4)

https://typo3.org/help/security-advisories

Source: cve@mitre.org

Vendor Advisory

https://typo3.org/security/advisory/typo3-ext-sa-2020-017

Source: cve@mitre.org

Vendor Advisory

https://typo3.org/help/security-advisories

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://typo3.org/security/advisory/typo3-ext-sa-2020-017

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.