| Title | mtons https://gitee.com/mtons/mblog <=3.5.0 Password Enumeration |
|---|---|
| Description | The /settings/password endpoint is used for setting passwords and has no rate limiting and no CAPTCHA protection, leading to the ability to brute force user passwords and, after matching the password, directly modify it to a new password. |
| Source | https://gitee.com/mtons/mblog/issues/ICPMIR |
| User | ZAST.AI (UID 87884) |
| Submission | 05/08/2025 09:13 AM (9 months ago) |
| Moderation | 13/08/2025 09:21 PM (9 days later) |
| Status | Accepted |
| VulDB Entry | 320033 [mtons mblog up to 3.5.0 /settings/password information disclosure] |
| Points | 16 |