mblog <=3.5.0 Password Enumerationinformação

Título	mtons https://gitee.com/mtons/mblog <=3.5.0 Password Enumeration
Descrição	The /settings/password endpoint is used for setting passwords, has no rate limiting, no CAPTCHA protection, leading to the ability to brute force user passwords, and after matching the password, directly modify it to a new password.
Fonte	⚠️ https://gitee.com/mtons/mblog/issues/ICPMIR
Utilizador	ZAST.AI (UID 87884)
Submissão	05/08/2025 09h13 (há 9 meses)
Moderação	13/08/2025 21h21 (9 days later)
Estado	Aceite
Entrada VulDB	320033 [mtons mblog até 3.5.0 /settings/password Divulgação de Informação]
Pontos	16

Interested in the pricing of exploits?

See the underground prices here!