| Title | mtons https://gitee.com/mtons/mblog <=3.5.0 Password Enumeration |
|---|
| Description | The /settings/password endpoint is used for setting passwords, has no rate limiting, no CAPTCHA protection, leading to the ability to brute force user passwords, and after matching the password, directly modify it to a new password. |
|---|
| Source | ⚠️ https://gitee.com/mtons/mblog/issues/ICPMIR |
|---|
| User | ZAST.AI (UID 87884) |
|---|
| Submission | 08/05/2025 09:13 (9 months ago) |
|---|
| Moderation | 08/13/2025 21:21 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 320033 [mtons mblog up to 3.5.0 /settings/password excessive authentication] |
|---|
| Points | 16 |
|---|