A missing access check in the backend module allows an authenticated backend user to export participant data for events which the user does not have access to, resulting in Information Disclosure.
CPE | Name | Operator | Version |
---|---|---|---|
sf_event_mgt | le | 4.3.0 | |
sf_event_mgt | ge | 5.0.0 | |
sf_event_mgt | le | 5.1.0 |