7 matches found
CVE-2022-30076
ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting...
Design/Logic Flaw
ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting...
CVE-2022-30076
ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting...
CVE-2022-30076
ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting...
CVE-2022-30076
CVE-2022-30076 affects ENTAB ERP 1.0. The issue is an information disclosure: an attacker can discover users’ full names by brute-forcing a sequence of student usernames (e.g., s10000–s20000) because the login has no rate limiting. Documented impact is exposure of user PII with potential leakage ...
ENTAB ERP 1.0 Information Disclosure
Exploit Title: ENTAB ERP 1.0 - Username PII leak Date: 17.05.2022 Exploit Author: Deb Prasad Banerjee Vendor Homepage: https://www.entab.in Version: Entab ERP 1.0 Tested on: Windows IIS CVE: CVE-2022-30076 Vulnerability Name: Broken Access control via Rate Limits Description: In the entab softwar...
ENTAB ERP 1.0 - Username PII leak Vulnerability
Exploit Title: ENTAB ERP 1.0 - Username PII leak Exploit Author: Deb Prasad Banerjee Vendor Homepage: https://www.entab.in Version: Entab ERP 1.0 Tested on: Windows IIS CVE: CVE-2022-30076 Vulnerability Name: Broken Access control via Rate Limits Description: In the entab software in...