| عنوان | elunez eladmin <=2.7 Sensitive Information Disclosure |
|---|
| الوصف | In eladmin versions up to 2.7, the /auth/info endpoint returns user information without filtering entity fields. As a result, sensitive data including the user’s password hash is mistakenly returned, creating a risk of offline password brute-force attacks. |
|---|
| المصدر | ⚠️ https://github.com/elunez/eladmin/issues/885 |
|---|
| المستخدم | ez-lbz (UID 87033) |
|---|
| ارسال | 10/08/2025 06:21 AM (11 أشهر منذ) |
|---|
| الاعتدال | 20/08/2025 01:07 PM (10 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 320773 [elunez eladmin حتى 2.7 /auth/info الكشف عن المعلومات] |
|---|
| النقاط | 17 |
|---|