CVE-2024-24751

Published: Feb 13, 2024Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

sf_event_mgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid. In affected versions the existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the `RedirectResponse` from the `$this->redirect()` function was never handled. This issue has been addressed in version 7.4.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected (1)

Products: Derhansen: Event Management And Registration

1 product

Event Management And Registration

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Derhansen Event Management And Registration	Version 7.0.0

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

https://github.com/derhansen/sf_event_mgt/commit/a08c2cd48695c07e462d15eeb70434ddc0206e4c

Source: security-advisories@github.com

Patch

https://github.com/derhansen/sf_event_mgt/security/advisories/GHSA-4576-pgh2-g34j

Source: security-advisories@github.com

Vendor Advisory

https://github.com/derhansen/sf_event_mgt/commit/a08c2cd48695c07e462d15eeb70434ddc0206e4c

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/derhansen/sf_event_mgt/security/advisories/GHSA-4576-pgh2-g34j

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.