CVE-2024-24751

2024-02-1319:15:10

CWE-284

CWE-863

[email protected]

web.nvd.nist.gov

sf_event_mgt

typo3 cms

extbase

fluid

cve-2024-24751

access control

vulnerability

upgrade

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

sf_event_mgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid. In affected versions the existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the RedirectResponse from the $this->redirect() function was never handled. This issue has been addressed in version 7.4.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected configurations

Vulners

Node

derhansenevent_management_and_registrationRange7.0.0–7.4.0

VendorProductVersionCPE
derhansenevent_management_and_registration*cpe:2.3:a:derhansen:event_management_and_registration:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
derhansen	event_management_and_registration	*	cpe:2.3:a:derhansen:event_management_and_registration::::::::

CNA Affected

[
  {
    "vendor": "derhansen",
    "product": "sf_event_mgt",
    "versions": [
      {
        "version": ">= 7.0.0, < 7.4.0",
        "status": "affected"
      }
    ]
  }
]