Описание
An issue was discovered in Veal98 Echo Open-Source Community System 2.2 thru 2.3 allowing an unauthenticated attacker to cause the server to send email verification messages to arbitrary users via the /sendEmailCodeForResetPwd endpoint potentially causing a denial of service to the server or the downstream users.
Ссылки
- Not Applicable
- Third Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:interviewx:echo:2.2:*:*:*:*:*:*:*
cpe:2.3:a:interviewx:echo:2.3:*:*:*:*:*:*:*
EPSS
Процентиль: 23%
0.00077
Низкий
7.5 High
CVSS3
Дефекты
CWE-400
Связанные уязвимости
CVSS3: 7.5
github
2 месяца назад
An issue was discovered in Veal98 Echo Open-Source Community System 2.2 thru 2.3 allowing an unauthenticated attacker to cause the server to send email verification messages to arbitrary users via the /sendEmailCodeForResetPwd endpoint potentially causing a denial of service to the server or the downstream users.
EPSS
Процентиль: 23%
0.00077
Низкий
7.5 High
CVSS3
Дефекты
CWE-400