2 matches found
CVE-2018-19548
index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginFormusername and LoginFormpassword parameters, which might make it easier for remote attackers to obtain access via a brute-force approach...
CVE-2018-19548
CVE-2018-19548 affects EduSec prior to or up to version 4.2.6 where the login endpoint (index.php?r=site%2Flogin) does not restrict a sequence of LoginForm[username] and LoginForm[password] parameters. This input handling flaw can enable remote attackers to attempt brute-force access against the ...