CVE Vulnerabilities

CVE-2020-25026

Published: Sep 02, 2020 | Modified: Jul 21, 2021
CVSS 3.x
4.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The sf_event_mgt (aka Event management and registration) extension before 4.3.1 and 5.x before 5.1.1 for TYPO3 allows Information Disclosure (participant data, and event data via email) because of Broken Access Control.

Affected Software

Name Vendor Start Version End Version
Event_management_and_registration Derhansen * 4.3.1 (excluding)
Event_management_and_registration Derhansen 5.0.0 (including) 5.1.1 (excluding)

References