mblog <=3.5.0 Password Enumeration信息

标题	mtons https://gitee.com/mtons/mblog <=3.5.0 Password Enumeration
描述	The /settings/password endpoint is used for setting passwords, has no rate limiting, no CAPTCHA protection, leading to the ability to brute force user passwords, and after matching the password, directly modify it to a new password.
来源	⚠️ https://gitee.com/mtons/mblog/issues/ICPMIR
用户	ZAST.AI (UID 87884)
提交	2025-08-05 09時13分 (9 月前)
管理	2025-08-13 21時21分 (9 days later)
状态	已接受
VulDB条目	320033 [mtons mblog 直到 3.5.0 /settings/password 信息公开]
积分	16

Do you know our Splunk app?

Download it now for free!