Count: 2
CVE-2025-52392
Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions, potentially gaining unauthorized administrative access. This vulnerability corresponds to CWE-307: Improper Restriction of Excessive Authentication Attempts.
GHSA-vq9x-w82r-rhmc
Soosyze CMS's /user/login endpoint missing rate-limiting and lockout mechanisms
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2025-52392 Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions, potentially gaining unauthorized administrative access. This vulnerability corresponds to CWE-307: Improper Restriction of Excessive Authentication Attempts. | CVSS3: 5.4 | 1% Low | 6 months ago |
| GHSA-vq9x-w82r-rhmc Soosyze CMS's /user/login endpoint missing rate-limiting and lockout mechanisms | CVSS3: 5.4 | 1% Low | 6 months ago |