phanan/koel is vulnerable to brute-force attack. Lack of CAPTCHA and throttling controls on the login page allows an attacker to repeatedly submit the login form with different values in an attempt to discover usernames and passwords.
CPE | Name | Operator | Version |
---|---|---|---|
phanan/koel | le | v5.1.3 |