PT-2024-28250 · Typo3 · Events2 Extension

Stefan Frömken +1 · Published 2024-06-21 · Updated 2024-06-21 · CVE-2024-38874

CVSS v3.1: 5.4 (Medium)

Vector: AC:L/AV:N/A:N/C:L/I:L/PR:L/S:U/UI:N

Name of the Vulnerable Software and Affected Versions

events2 extension versions prior to 8.3.8
events2 extension versions 9.x prior to 9.0.6

Description

An issue in the events2 extension for TYPO3 involves missing access checks in the management plugin, leading to an insecure direct object reference (IDOR) vulnerability. This vulnerability allows unauthenticated users to potentially activate or delete various events.

Recommendations

For events2 extension versions prior to 8.3.8, update to version 8.3.8 or later. For events2 extension versions 9.x prior to 9.0.6, update to version 9.0.6 or later.

Exploit

Fix

Protection Mechanism Failure

IDOR

Weakness Enumeration

Related Identifiers

CVE-2024-38874
GHSA-CCHP-3RQ6-69WJ

Affected Products

Events2 Extension