Pimcore before 6.2.2 allow attackers... CVE-2019-18986

5.0 AV AC AU C I A
发布: 2019-11-15
修订: 2019-11-21

Pimcore before 6.2.2 allow attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality as it returns distinct messages for invalid password and non-existing users.

0%

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有1条受影响产品信息