CVE-2020-25026: Information Disclosure in TYPO3 extension sf_event_mgt
(updated )
The sf_event_mgt (aka Event management and registration) extension before 4.3.1 and 5.x before 5.1.1 for TYPO3 allows Information Disclosure (participant data, and event data via email) because of Broken Access Control.
References
- github.com/advisories/GHSA-g8rg-7rpr-cwr2
- github.com/derhansen/sf_event_mgt/commit/17edcbf608b252cc1123e1279f0735f6aa28fef4
- github.com/derhansen/sf_event_mgt/security/advisories/GHSA-g8rg-7rpr-cwr2
- nvd.nist.gov/vuln/detail/CVE-2020-25026
- packagist.org/packages/derhansen/sf_event_mgt
- typo3.org/help/security-advisories
- typo3.org/security/advisory/typo3-ext-sa-2020-017
Code Behaviors & Features
Detect and mitigate CVE-2020-25026 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →