CVE-2018-17368

2018-09-2322:00:00

mitre

www.cve.org

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

40.5%

JSON

An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks.

References

github.com/sanluan/PublicCMS/issues/18