CVE-2024-24751
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-24751
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-24751.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-24751
- Aliases
- Published
- 2024-02-13T19:15:10Z
- Modified
- 2024-10-18T18:47:55.083691Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
sfeventmgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid. In affected versions the existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the
RedirectResponsefrom the$this->redirect()function was never handled. This issue has been addressed in version 7.4.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. - References
Affected packages
Git / github.com/derhansen/sf_event_mgt
Affected ranges
- Type
- GIT
- Repo
- https://github.com/derhansen/sf_event_mgt
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.5.0
0.5.1
0.5.2
0.5.3
1.*
1.0.0
1.0.1
1.1.0
1.1.1
1.2.0
1.3.0
1.3.1
1.4.0
1.4.1
1.5.0
1.5.1
1.6.0
1.6.1
1.7.0
1.7.1
1.8.0
1.8.1
2.*
2.0.0
2.1.0
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
4.*
4.0.0
4.0.1
4.1.0
4.1.1
4.1.2
4.1.3
4.2.0
4.2.1
5.*
5.0.0
5.0.1
5.1.0
5.1.1
5.2.0
5.3.0
5.4.0
5.4.1
5.4.2
5.5.0
5.6.0
6.*
6.0.0
6.0.1
6.1.0
6.2.0
6.2.1
6.2.2
6.2.3
6.2.4
6.3.0
6.3.1
7.*
7.0.0
7.1.0
7.1.1
7.1.2
7.1.3
7.2.0
7.3.0
7.3.1
7.3.2
7.3.3