CVE-2024-24751

Broken Access Control in Backend Module in sf_event_mgt

CVSS 4.3 MEDIUMEPSS 0.5%CWE-284 CWE-863

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 4.3EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

13 fev 2024Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

sf_event_mgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid. In affected versions the existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the `RedirectResponse` from the `$this->redirect()` function was never handled. This issue has been addressed in version 7.4.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Produtos afetados

derhansen · sf_event_mgt

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/derhansen/sf_event_mgt/commit/a08c2cd48695c07e462d15eeb70434ddc0206e4c https://github.com/derhansen/sf_event_mgt/security/advisories/GHSA-4576-pgh2-g34j