CVE-2018-19548
CVE-2018-19548 affects EduSec prior to or up to version 4.2.6 where the login endpoint (index.php?r=site%2Flogin) does not restrict a sequence of LoginForm[username] and LoginForm[password] parameters. This input handling flaw can enable remote attackers to attempt brute-force access against the ...