7 matches found
CVE-2022-30076
ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting...
Design/Logic Flaw
ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting...
CVE-2022-30076
CVE-2022-30076 affects ENTAB ERP 1.0. The issue is an information disclosure where an attacker can discover users’ full names by brute-forcing a sequence of student usernames (e.g., s10000–s20000) due to no rate limiting on login. Documented impact is exposure of user PIIs with potential leakage ...
CVE-2022-30076
ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting...
CVE-2022-30076
ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting...
ENTAB ERP 1.0 Information Disclosure
Exploit Title: ENTAB ERP 1.0 - Username PII leak Date: 17.05.2022 Exploit Author: Deb Prasad Banerjee Vendor Homepage: https://www.entab.in Version: Entab ERP 1.0 Tested on: Windows IIS CVE: CVE-2022-30076 Vulnerability Name: Broken Access control via Rate Limits Description: In the entab softwar...
ENTAB ERP 1.0 - Username PII leak Vulnerability
Exploit Title: ENTAB ERP 1.0 - Username PII leak Exploit Author: Deb Prasad Banerjee Vendor Homepage: https://www.entab.in Version: Entab ERP 1.0 Tested on: Windows IIS CVE: CVE-2022-30076 Vulnerability Name: Broken Access control via Rate Limits Description: In the entab software in...