exploitDog

CVE-2020-28642

Опубликовано: 16 нояб. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks.

Ссылки

https://www.whitehack.de/advisories/HWADV2020-001.txt
Third Party Advisory
https://www.whitehack.de/advisories/HWADV2020-001.txt
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:infinitewp:infinitewp:*:*:*:*:*:*:*:*

Версия до 3.1.12.3 (исключая)

EPSS

Процентиль: 72%

0.00703

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-338

Связанные уязвимости

GHSA-9qfg-3vc9-gp3w

github

больше 3 лет назад

In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks.

EPSS

Процентиль: 72%

0.00703

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-338