An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks.
CPE | Name | Operator | Version |
---|---|---|---|
publiccms | eq | 4.0.180825 |