
exploitDog

CVE-2025-52392

Published: 13 Aug 2025
Source: nvd
CVSS3: 5.4
EPSS: Low

Description

Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions, potentially gaining unauthorized administrative access. This vulnerability corresponds to CWE-307: Improper Restriction of Excessive Authentication Attempts.

EPSS

Percentile: 75%
0.00906
Low

5.4 Medium

CVSS3

Weaknesses

CWE-307

Related vulnerabilities

CVSS3: 5.4
github
6 months ago

Soosyze CMS's /user/login endpoint missing rate-limiting and lockout mechanisms

EPSS

Percentile: 75%
0.00906
Low

5.4 Medium

CVSS3

Weaknesses

CWE-307