Podatność CVE-2024-0425


Publikacja: 2024-01-11

Opis:
A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=reset_admin_psw. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250444.

Typ:

CWE-640

(Weak Password Recovery Mechanism for Forgotten Password)

 Referencje:
https://vuldb.com/?id.250444
https://vuldb.com/?ctiid.250444
https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md

Copyright 2024, cxsecurity.com

 

Back to Top