13 matches found
CVE-2024-24751
sfeventmgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid. In affected versions the existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the RedirectResponse from the...
CVE-2024-24751
sfeventmgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid. In affected versions the existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the RedirectResponse from the...
Design/Logic Flaw
sfeventmgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid. In affected versions the existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the RedirectResponse from the...
CVE-2024-24751 Broken Access Control in Backend Module in sf_event_mgt
sfeventmgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid. In affected versions the existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the RedirectResponse from the...
CVE-2024-24751 Broken Access Control in Backend Module in sf_event_mgt
sfeventmgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid. In affected versions the existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the RedirectResponse from the...
CVE-2024-24751
The vulnerability CVE-2024-24751 affects the sf_event_mgt TYPO3 extension (backend module). The root cause is mishandling of the RedirectResponse from the $this->redirect() function after upgrading to TYPO3 12.4, which breaks an existing access control check for events in the backend. This lea...
derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module
The existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the RedirectResponse from the $this-redirect function was never handled...
sf_event_mgt Security Vulnerability
sfeventmgt is a TYPO3 CMS event management and registration extension based on ExtBase and Fluid. A security vulnerability exists in version 7.0.0 of sfeventmgt, which stems from a security flaw during the update of the extension to TYPO3 12.4...
Information Disclosure in TYPO3 extension sf_event_mgt
A missing access check in the backend module allows an authenticated backend user to export participant data for events which the user does not have access to, resulting in Information Disclosure. Another missing access check in the backend module allows an authenticated backend user to send emai...
GHSA-G8RG-7RPR-CWR2 Information Disclosure in TYPO3 extension sf_event_mgt
A missing access check in the backend module allows an authenticated backend user to export participant data for events which the user does not have access to, resulting in Information Disclosure. Another missing access check in the backend module allows an authenticated backend user to send emai...
CVE-2020-25026
The sfeventmgt aka Event management and registration extension before 4.3.1 and 5.x before 5.1.1 for TYPO3 allows Information Disclosure participant data, and event data via email because of Broken Access Control...
Improper access control
The sfeventmgt aka Event management and registration extension before 4.3.1 and 5.x before 5.1.1 for TYPO3 allows Information Disclosure participant data, and event data via email because of Broken Access Control...
CVE-2020-25026
The CVE-2020-25026 entry applies to the TYPO3 extension sf_event_mgt (Event management and registration). It describes a Broken Access Control vulnerability that allows information disclosure of participant and event data via email for the versions before 4.3.1 (and 5.x before 5.1.1). The documen...