CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-20371

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0010%
EPSS Percentile22.91th
Published2018年12月23日
Last Modified2024年11月21日

Vulnerability Description

PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote attackers to bypass intended GET restrictions via a brute-force approach, as demonstrated by "GET /login.html__passwd1" and "GET /login.html__passwd2" and so on.

Affected Platforms (CPE)

📦
Photorange Photo Vault Project

Photorange Photo Vault

= 1.2

References & Advisories

🔗 https://www.vulnerability-lab.com/get_content.php?id=2110
🔗 https://www.vulnerability-lab.com/get_content.php?id=2110

関連する脆弱性情報

CVE-2018-487210.0

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006...

CVE-2018-100012410.0

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.p...

CVE-2018-010110.0

A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could ...

CVE-2018-1246410.0

A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows a...