CVE-2024-38874

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jun 21, 2024

Summary

CVE-2024-38874 affects the events2 extension for TYPO3 in versions before 8.3.8 and in 9.x before 9.0.6. The management plugin is missing access checks, which results in an insecure direct object reference (IDOR) vulnerability. Unauthenticated users can exploit this IDOR to activate or delete various events, potentially leading to unintended consequences on the targeted system. This flaw poses a significant risk to TYPO3 users running an affected events2 version and requires prompt patching to mitigate the threat.
