| शीर्षक | mtons https://gitee.com/mtons/mblog <=3.5.0 Password Enumeration |
|---|
| विवरण | The /settings/password endpoint is used for setting passwords, has no rate limiting, no CAPTCHA protection, leading to the ability to brute force user passwords, and after matching the password, directly modify it to a new password. |
|---|
| स्रोत | ⚠️ https://gitee.com/mtons/mblog/issues/ICPMIR |
|---|
| उपयोगकर्ता | ZAST.AI (UID 87884) |
|---|
| सबमिशन | 05/08/2025 09:13 AM (9 महीनों पहले) |
|---|
| संयम | 13/08/2025 09:21 PM (9 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 320033 [mtons mblog तक 3.5.0 /settings/password सूचना का प्रकटीकरण] |
|---|
| अंक | 16 |
|---|