Lucene search

[email protected]NVD:CVE-2023-49443

HistoryDec 08, 2023 - 3:15 p.m.

CVE-2023-49443

2023-12-0815:15:07

CWE-307

[email protected]

web.nvd.nist.gov

doracms v2.1.8

code re-use

username validation

password validation

brute-force attack

application access vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

43.4%

JSON

DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack.

Affected configurations

NVD

Node

html-jsdoracmsMatch2.1.8

References

github.com/woshinibaba222/DoraCMS-Verification-Code-Reuse

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

43.4%

JSON

Related for NVD:CVE-2023-49443

prion1 cvelist1 cve1