| Title | mtons https://gitee.com/mtons/mblog <=3.5.0 Password Enumeration |
|---|---|
| Description | The /settings/password endpoint, used for setting passwords, has no rate limiting and no CAPTCHA protection, making it possible to brute-force user passwords and, after matching the password, directly change it to a new password. |
| Source | https://gitee.com/mtons/mblog/issues/ICPMIR |
| User | ZAST.AI (UID 87884) |
| Submission | 05.08.2025 09:13 (9 months ago) |
| Moderation | 13.08.2025 21:21 (9 days later) |
| Status | Accepted |
| VulDB entry | 320033 [mtons mblog up to 3.5.0 /settings/password Information Disclosure] |
| Points | 16 |