Описание
The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.2 (включая) до 3.7 (включая)
cpe:2.3:a:yzmcms:yzmcms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00691
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach.
EPSS
Процентиль: 71%
0.00691
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-200