CVE-2024-38874

Published: Jun 21, 2024Modified: Mar 24, 2025

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: MITRE (Secondary)

Description

An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated users.

Related CWEs

CWE-693

Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

References (2)

https://typo3.org/security/advisory/typo3-ext-sa-2024-003

Source: cve@mitre.org

https://typo3.org/security/advisory/typo3-ext-sa-2024-003

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.