CVE-2023-25156

🗓️ 15 Feb 2023 15:11:15Reported by [email protected]Type

Kiwi TCMS does not impose rate limits, making it susceptible to brute-force attacks. Upgrade to v12.0+ for patch or alternatively, install a rate-limiting proxy.

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 7
OSV	CVE-2023-25156	15 Feb 202315:15	–	osv
OSV	No protection against brute-force attacks on login page	15 Feb 202318:10	–	osv
Github Security Blog	No protection against brute-force attacks on login page	15 Feb 202318:10	–	github
CVE	CVE-2023-25156	15 Feb 202315:15	–	cve
Prion	Code injection	15 Feb 202315:15	–	prion
Cvelist	CVE-2023-25156 Kiwi TCMS has no protection against brute-force attacks on login page	15 Feb 202300:00	–	cvelist
Vulnrichment	CVE-2023-25156 Kiwi TCMS has no protection against brute-force attacks on login page	15 Feb 202300:00	–	vulnrichment

Nvd

Node

kiwitcms kiwi_tcmsRange<12.0

Source	Link
github	www.github.com/kiwitcms/Kiwi/commit/0ed213fa0ddb7a6dc77e3c3b99e8fc90ccdaf46f
huntr	www.huntr.dev/bounties/2b1a9be9-45e9-490b-8de0-26a492e79795/
github	www.github.com/kiwitcms/Kiwi/security/advisories/GHSA-7968-h4m4-ghm9
kiwitcms	www.kiwitcms.org/blog/kiwi-tcms-team/2023/02/15/kiwi-tcms-120/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

15 Feb 2023 15:15Current

7.9High risk

Vulners AI Score7.9

CVSS39.8

EPSS0.00217