mblog <=3.5.0 Password Enumerationinformation

Titre	mtons https://gitee.com/mtons/mblog <=3.5.0 Password Enumeration
Description	The /settings/password endpoint is used for setting passwords, has no rate limiting, no CAPTCHA protection, leading to the ability to brute force user passwords, and after matching the password, directly modify it to a new password.
La source	⚠️ https://gitee.com/mtons/mblog/issues/ICPMIR
Utilisateur	ZAST.AI (UID 87884)
Soumission	05/08/2025 09:13 (il y a 9 mois)
Modérer	13/08/2025 21:21 (9 days later)
Statut	Accepté
Entrée VulDB	320033 [mtons mblog jusqu’à 3.5.0 /settings/password divulgation d'information]
Points	16

Do you want to use VulDB in your project?

Use the official API to access entries easily!