CVE-2018-17368

Published: Sep 23, 2018Modified: Nov 21, 2024

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks.

Affected (1)

Products: Publiccms: Publiccms

Publiccms

1 product

Publiccms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Publiccms Publiccms	Version 4.0.180825

References (2)

https://github.com/sanluan/PublicCMS/issues/18

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/sanluan/PublicCMS/issues/18

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.