CyberSec.Space Logo
Back to CVE Browser

CVE-2018-20371

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0010%
EPSS Percentile22.91th
PublishedDec 23, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote attackers to bypass intended GET restrictions via a brute-force approach, as demonstrated by "GET /login.html__passwd1" and "GET /login.html__passwd2" and so on.

Affected Platforms (CPE)

📦
Photorange Photo Vault Project

Photorange Photo Vault

= 1.2

References & Advisories

🔗 https://www.vulnerability-lab.com/get_content.php?id=2110
🔗 https://www.vulnerability-lab.com/get_content.php?id=2110

Related Vulnerabilities

CVE-2018-1071810.0

Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to...

CVE-2018-1472110.0

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by ...

CVE-2018-409110.0

An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Sandbox" component. I...

CVE-2018-666710.0

Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remo...