CVE-2024-9907 | QileCMS up to 1.1.3 Verification Code Forget.php sendEmail password recovery

Inserito da Angelo Barbosa | Ott 12, 2024 | CVE

A vulnerability classified as problematic was found in QileCMS up to 1.1.3. This vulnerability affects the function sendEmail of the file /qilecms/user/controller/Forget.php of the component Verification Code Handler. The manipulation leads to weak password recovery.

This vulnerability was named CVE-2024-9907. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-9907 | QileCMS up to 1.1.3 Verification Code Forget.php sendEmail password recovery

Post correlati

CVE-2024-36972 | Linux Kernel prior 6.10-rc1 af_unix __unix_gc null pointer dereference (9841991a446c)

CVE-2024-5121 | SourceCodester Event Registration System 1.0 e cross site scripting

CVE-2024-2595 | Amssplus AMSS++ 4.31 bookdetail_khet_person.php b_id cross site scripting

CVE-2024-3994 | Tutor LMS Plugin up to 2.6.2 on WordPress Shortcode tutor_instructor_list cross site scripting