Description
index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm[username] and LoginForm[password] parameters, which might make it easier for remote attackers to obtain access via a brute-force approach.
References
- Exploit, Issue Tracking, Third Party Advisory
- Exploit, Issue Tracking, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to 4.2.6 (inclusive)
cpe:2.3:a:rudrasoftech:edusec:*:*:*:*:*:*:*:*
EPSS
Percentile: 60%
Score: 0.00398 (Low)
CVSS3: 9.8 Critical
CVSS2: 5 Medium
Weaknesses
CWE-307
Related vulnerabilities
CVSS3: 9.8
github
more than 3 years ago
index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm[username] and LoginForm[password] parameters, which might make it easier for remote attackers to obtain access via a brute-force approach.