Vulnerability Details : CVE-2020-25026
The sf_event_mgt (aka Event management and registration) extension before 4.3.1 and 5.x before 5.1.1 for TYPO3 allows Information Disclosure (participant data, and event data via email) because of Broken Access Control.
Vulnerability category: Information leak
Products affected by CVE-2020-25026
- Derhansen » Event Management And Registration » For Typo3. Versions from including (>=) 5.0.0 and before (<) 5.1.1. cpe:2.3:a:derhansen:event_management_and_registration:*:*:*:*:*:typo3:*:*
- cpe:2.3:a:derhansen:event_management_and_registration:*:*:*:*:*:typo3:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-25026
0.20%: Probability of exploitation activity in the next 30 days
~ 39 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-25026
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST | |
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | NIST | |
References for CVE-2020-25026
- https://typo3.org/help/security-advisories
  TYPO3 Security Bulletins (Vendor Advisory)
- https://typo3.org/security/advisory/typo3-ext-sa-2020-017
  TYPO3-EXT-SA-2020-017: Multiple vulnerabilities in extension "Event management and registration" (sf_event_mgt) (Vendor Advisory)