| शीर्षक | elunez eladmin <=2.7 Sensitive Information Disclosure |
|---|
| विवरण | In eladmin versions up to 2.7, the /auth/info endpoint returns user information without filtering entity fields. As a result, sensitive data including the user’s password hash is mistakenly returned, creating a risk of offline password brute-force attacks. |
|---|
| स्रोत | ⚠️ https://github.com/elunez/eladmin/issues/885 |
|---|
| उपयोगकर्ता | ez-lbz (UID 87033) |
|---|
| सबमिशन | 10/08/2025 06:21 AM (11 महीनों पहले) |
|---|
| संयम | 20/08/2025 01:07 PM (10 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 320773 [elunez eladmin तक 2.7 /auth/info सूचना का प्रकटीकरण] |
|---|
| अंक | 17 |
|---|