Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-24xj-r6rg-2w25

Опубликовано: 07 фев. 2025
Источник: github
Github: Не прошло ревью
CVSS3: 9.9

Описание

Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoint ‘/public/cgi/Gateway.php’.

Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoint ‘/public/cgi/Gateway.php’.

EPSS

Процентиль: 37%
0.0015
Низкий

9.9 Critical

CVSS3

Дефекты

CWE-620

Связанные уязвимости

CVSS3: 9.9
nvd
6 месяцев назад

Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoint ‘/public/cgi/Gateway.php’.

EPSS

Процентиль: 37%
0.0015
Низкий

9.9 Critical

CVSS3

Дефекты

CWE-620