THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)

Ok

PUBLISHED

CVE-2024-38874

Assigner:mitre
Reserved:2024-06-21
Published:2024-06-21
Updated:2024-06-21

Description

An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated users.



MEDIUM: 5.4CVSS:3.1/AC:L/AV:N/A:N/C:L/I:L/PR:L/S:U/UI:N

References

https://typo3.org/security/advisory/typo3-ext-sa-2024-003

cve.org CVE-2024-38874

nvd.nist.gov CVE-2024-38874

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-38874
Find us on
Data Privacy
Terms of Use
Logo Silicon Valley Europe
Logo BSI Allianz für Cyber-Sicherheit