Описание
A User enumeration vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to obtain email addresses via the "Add a user" feature. The vulnerability occurs due to insufficiently validated user input being processed as a regular expression, which is then matched against email addresses to find duplicate entries.
Ссылки
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.409.20 (включая)
cpe:2.3:a:aquila-cms:aquilacms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 25%
0.00085
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-276
Связанные уязвимости
CVSS3: 5.3
github
больше 1 года назад
A User enumeration vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to obtain email addresses via the "Add a user" feature. The vulnerability occurs due to insufficiently validated user input being processed as a regular expression, which is then matched against email addresses to find duplicate entries.
EPSS
Процентиль: 25%
0.00085
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-276