CVE-2020-25026

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-25026

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25026.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-25026

Aliases

GHSA-g8rg-7rpr-cwr2

Published

2020-09-02T17:15:12.533Z

Modified

2026-02-03T07:09:27.342992Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

The sfeventmgt (aka Event management and registration) extension before 4.3.1 and 5.x before 5.1.1 for TYPO3 allows Information Disclosure (participant data, and event data via email) because of Broken Access Control.

References

Affected packages

Git / github.com/derhansen/sf_event_mgt

Affected ranges

Type: GIT
Repo: https://github.com/derhansen/sf_event_mgt
Events: Introduced

a97a1c085f3ec66325da1a8bd90bb8e00c40ea33

Fixed

17edcbf608b252cc1123e1279f0735f6aa28fef4

Fixed

9c8315aee5707d7dd000420bff9204ae96ef2ce7

Affected versions

5.*

5.0.0

5.0.1

5.1.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25026.json"