Home > Vulnerability Database > CVE-2024-24751

Mend.io Vulnerability Database

CVE-2024-24751

Good to know:

Date: February 13, 2024

sf_event_mgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid. In affected versions the existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the `RedirectResponse` from the `$this->redirect()` function was never handled. This issue has been addressed in version 7.4.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: PHP

Severity Score

4.3

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-24751

Url: https://github.com/derhansen/sf_event_mgt/security/advisories/GHSA-4576-pgh2-g34j

Url: https://github.com/derhansen/sf_event_mgt/commit/a08c2cd48695c07e462d15eeb70434ddc0206e4c

Url: https://www.mend.io/vulnerability-database/CVE-2024-24751

Severity Score

4.3

Weakness Type (CWE)

Improper Access Control

CWE-284

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version 7.4.0

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-24751

Good to know:

Date: February 13, 2024

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?