Code injection

2023-06-2720:15:00

PRIOn knowledge base

www.prio-n.com

cmseasy v7.0.0

code injection

clear text

user credentials

encryption issue

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.1%

An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data.

CPENameOperatorVersion
cmseasyeq7.0

CPE	Name	Operator	Version
	cmseasy	eq	7.0

References

github.com/source-hunter/cmseasy/issues/1