Cydtseng

**Name of the Vulnerable Software and Affected Versions** funnyzpc Mee-Admin versions 1.6 and earlier **Description** A problematic issue was found in the Login component, affecting unknown code of the file /mee/login. The manipulation of the `username` argument leads to an observable response discrepancy. The attack can be initiated remotely, with a rather high complexity of attack and difficult exploitation. The issue has been disclosed to the public. **Recommendations** For versions 1.6 and earlier, as a temporary workaround, consider restricting access to the `/mee/login` endpoint until a patch is available. Avoid using the `username` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.