Description
This vulnerability exists in Shilpi Client Dashboard due to a lack of rate limiting and CAPTCHA protection for OTP requests in certain API endpoints. An unauthenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through the vulnerable API endpoints, which could lead to OTP bombing on the targeted system.
References
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 9.7.0 (excluding)
cpe:2.3:a:shilpisoft:client_dashboard:*:*:*:*:*:*:*:*
EPSS
Percentile: 70%
0.0062
Low
7.5 High
CVSS3
Weaknesses
CWE-799
NVD-CWE-Other
Related vulnerabilities
CVSS3: 7.5
github
more than 1 year ago
This vulnerability exists in Shilpi Client Dashboard due to a lack of rate limiting and CAPTCHA protection for OTP requests in certain API endpoints. An unauthenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through the vulnerable API endpoints, which could lead to OTP bombing on the targeted system.