alfio-event is an open-source event management platform primarily used for conference and workshop organization. Historically, it has been vulnerable to multiple remote code execution (RCE) flaws, cross-site scripting (XSS), and privilege escalation vulnerabilities, with 11 CVEs documented. These issues often stem from insufficient input validation and improper access controls. The platform's security posture has been compromised in incidents where attackers exploited these weaknesses to gain unauthorized system access or execute malicious code. Regular security updates are recommended for users, as past vulnerabilities have demonstrated potential for complete system compromise when unpatched.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-45300 | Bypassing promo code limitations with race conditions — alf.io (CWE-362) | 7.5 | High | 2024-09-06 |
| CVE-2024-45299 | alf.io's preloaded data as json is not escaped correctly — alf.io (CWE-116) | 6.5 | Medium | 2024-09-06 |
| CVE-2024-25634 | IDOR make user can read e-mail log sent by other events — alf.io (CWE-497) | 7.2 | High | 2024-02-19 |
| CVE-2024-25635 | IDOR Vulnerability: Allowing Organization Owner to view the other Organizations API KEY and USERS — alf.io (CWE-612) | 8.8 | High | 2024-02-19 |
| CVE-2024-25627 | Cross-Site Scripting (XSS) via File Upload in Alf.io — alf.io (CWE-79) | 3.5 | Low | 2024-02-16 |
| CVE-2024-25628 | Insufficient Session Expiration in alf.io — alf.io (CWE-613) | 7.6 | High | 2024-02-16 |

This page lists every published CVE security advisory associated with alfio-event. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.