The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach.
References
Link | Resource |
---|---|
https://github.com/littleheary/-YzmCMS-User-Traversal-Vulnerability/blob/master/README.md | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-06-05T11:00:00
Updated: 2018-06-05T10:57:01
Reserved: 2018-05-29T00:00:00
Link: CVE-2018-11554
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-06-05T11:29:00.243
Modified: 2018-07-31T19:40:35.207
Link: CVE-2018-11554
JSON object: View
Redhat Information
No data.
CWE