exploitDog

CVE-2020-23359

Опубликовано: 27 янв. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check.

Ссылки

https://github.com/renlok/WeBid/issues/530
Exploit
Issue Tracking
Third Party Advisory
https://github.com/renlok/WeBid/issues/530
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:webidsupport:webid:1.2.2:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00363

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-697

Связанные уязвимости

GHSA-h43h-m87r-6x6h

github

больше 3 лет назад

WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check.

EPSS

Процентиль: 58%

0.00363

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-697