Improper access control

2020-09-0217:15:00

PRIOn knowledge base

www.prio-n.com

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

JSON

The sf_event_mgt (aka Event management and registration) extension before 4.3.1 and 5.x before 5.1.1 for TYPO3 allows Information Disclosure (participant data, and event data via email) because of Broken Access Control.

CPENameOperatorVersion
event_management_and_registrationge5.0.0
event_management_and_registrationlt5.1.1
event_management_and_registrationlt4.3.1

Name	Operator	Version
event_management_and_registration	ge	5.0.0
event_management_and_registration	lt	5.1.1
event_management_and_registration	lt	4.3.1

References

typo3.org/help/security-advisories

typo3.org/security/advisory/typo3-ext-sa-2020-017