| Title | mtons https://gitee.com/mtons/mblog <=3.5.0 Password Enumeration |
|---|---|
| Description | The /settings/password endpoint, which is used for setting passwords, has no rate limiting and no CAPTCHA protection, making it possible to brute-force user passwords and, once the password is matched, directly change it to a new password. |
| Source | https://gitee.com/mtons/mblog/issues/ICPMIR |
| User | ZAST.AI (UID 87884) |
| Submission | 05.08.2025 09:13 (9 months ago) |
| Moderation | 13.08.2025 21:21 (9 days later) |
| Status | Accepted |
| VulDB Entry | 320033 [mtons mblog up to 3.5.0 /settings/password information disclosure] |
| Points | 16 |