derhansen/sf_event_mgt is vulnerable to information disclosure. Missing access checks in the backend module allows an authenticated user to export restricted participant data for events or send emails to event participants for events which the user does not have access to.
CPE | Name | Operator | Version |
---|---|---|---|
derhansen/sf_event_mgt | le | 5.1.0 | |
derhansen/sf_event_mgt | le | 4.3.0 |