exploitDog

CVE-2018-17368

Опубликовано: 23 сент. 2018

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks.

Ссылки

https://github.com/sanluan/PublicCMS/issues/18
Exploit
Third Party Advisory
https://github.com/sanluan/PublicCMS/issues/18
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:publiccms:publiccms:4.0.180825:*:*:*:*:*:*:*

EPSS

Процентиль: 46%

0.00232

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-3j9p-rx9v-8q37

CVSS3: 5.3

github

больше 3 лет назад

An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks.

EPSS

Процентиль: 46%

0.00232

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo