CVE-2024-38874

An issue was discovered in the events2 aka Events 2 extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference IDOR vulnerability with the potential to activate or delete various events for unauthenticated user...

CVE-2024-38874

An issue was discovered in the events2 aka Events 2 extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference IDOR vulnerability with the potential to activate or delete various events for unauthenticated user...

CVE-2024-38874

The CVE-2024-38874 issue affects the TYPO3 Events 2 extension (events2) prior to 8.3.8 and prior to 9.0.6 for TYPO3. The root cause is missing access checks in the management plugin, creating an insecure direct object reference (IDOR). This could allow an unauthenticated attacker to activate or d...

CVE-2024-38874

An issue was discovered in the events2 aka Events 2 extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference IDOR vulnerability with the potential to activate or delete various events for unauthenticated user...

CVE-2024-38874

An issue was discovered in the events2 aka Events 2 extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference IDOR vulnerability with the potential to activate or delete various events for unauthenticated user...

TYPO3-EXT-SA-2024-003: Multiple vulnerabilities in "Events 2" (events2)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2024-003...