Alf.io is a free and open source event attendance management system. In versions prior to 2.0-M4-2402 users can access the admin area even after being invalidated/deleted. This issue has been addressed in version 2.0-M4-2402. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:HAlf
APPAlf< 2.0-m4-2402
Related vulnerabilities
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior...
alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, an attacker can access data ...
alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view...
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0...
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io ...