Vulnerability Details CVE-2020-25026
The sf_event_mgt (aka Event management and registration) extension before 4.3.1 and 5.x before 5.1.1 for TYPO3 allows Information Disclosure (participant data, and event data via email) because of Broken Access Control.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.0%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
Products affected by CVE-2020-25026
-
cpe:2.3:a:derhansen:event_management_and_registration:0.5.0
-
cpe:2.3:a:derhansen:event_management_and_registration:0.5.1
-
cpe:2.3:a:derhansen:event_management_and_registration:0.5.2
-
cpe:2.3:a:derhansen:event_management_and_registration:0.5.3
-
cpe:2.3:a:derhansen:event_management_and_registration:1.0.0
-
cpe:2.3:a:derhansen:event_management_and_registration:1.0.1
-
cpe:2.3:a:derhansen:event_management_and_registration:1.1.0
-
cpe:2.3:a:derhansen:event_management_and_registration:1.1.1
-
cpe:2.3:a:derhansen:event_management_and_registration:1.2.0
-
cpe:2.3:a:derhansen:event_management_and_registration:1.3.0
-
cpe:2.3:a:derhansen:event_management_and_registration:1.3.1
-
cpe:2.3:a:derhansen:event_management_and_registration:1.4.0
-
cpe:2.3:a:derhansen:event_management_and_registration:1.4.1
-
cpe:2.3:a:derhansen:event_management_and_registration:1.5.0
-
cpe:2.3:a:derhansen:event_management_and_registration:1.5.1
-
cpe:2.3:a:derhansen:event_management_and_registration:1.6.0
-
cpe:2.3:a:derhansen:event_management_and_registration:1.6.1
-
cpe:2.3:a:derhansen:event_management_and_registration:1.7.0
-
cpe:2.3:a:derhansen:event_management_and_registration:1.7.1
-
cpe:2.3:a:derhansen:event_management_and_registration:1.8.0
-
cpe:2.3:a:derhansen:event_management_and_registration:1.8.1
-
cpe:2.3:a:derhansen:event_management_and_registration:2.0.0
-
cpe:2.3:a:derhansen:event_management_and_registration:2.1.0
-
cpe:2.3:a:derhansen:event_management_and_registration:3.0.0
-
cpe:2.3:a:derhansen:event_management_and_registration:3.0.1
-
cpe:2.3:a:derhansen:event_management_and_registration:3.0.2
-
cpe:2.3:a:derhansen:event_management_and_registration:3.0.3
-
cpe:2.3:a:derhansen:event_management_and_registration:3.0.4
-
cpe:2.3:a:derhansen:event_management_and_registration:3.0.5
-
cpe:2.3:a:derhansen:event_management_and_registration:3.0.6
-
cpe:2.3:a:derhansen:event_management_and_registration:3.0.7
-
cpe:2.3:a:derhansen:event_management_and_registration:3.0.8
-
cpe:2.3:a:derhansen:event_management_and_registration:4.0.0
-
cpe:2.3:a:derhansen:event_management_and_registration:4.0.1
-
cpe:2.3:a:derhansen:event_management_and_registration:4.1.0
-
cpe:2.3:a:derhansen:event_management_and_registration:4.1.1
-
cpe:2.3:a:derhansen:event_management_and_registration:4.1.2
-
cpe:2.3:a:derhansen:event_management_and_registration:4.1.3
-
cpe:2.3:a:derhansen:event_management_and_registration:4.2.0
-
cpe:2.3:a:derhansen:event_management_and_registration:4.2.1
-
cpe:2.3:a:derhansen:event_management_and_registration:4.2.2
-
cpe:2.3:a:derhansen:event_management_and_registration:4.3.0
-
cpe:2.3:a:derhansen:event_management_and_registration:5.0.0
-
cpe:2.3:a:derhansen:event_management_and_registration:5.0.1
-
cpe:2.3:a:derhansen:event_management_and_registration:5.1.0