PT-2018-13692 · Gleez · Gleez Cms

Natstheway · Published 2018-09-07 · Updated 2019-10-03 · CVE-2018-16703

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Gleez CMS version 1.2.0

Description: The login page of Gleez CMS 1.2.0 enforces neither sufficient server-side access control nor a limit on login attempts. An unauthenticated, remote attacker can enumerate users by sending modified login requests to the portal login page, for example by navigating to the user/4 URI. This lets the attacker identify existing accounts and run brute-force password attacks against them.

Recommendations: For Gleez CMS version 1.2.0, consider temporarily restricting access to the login page or implementing additional server-side access controls to minimize the risk of exploitation. Restricting the number of login attempts from a single IP address within a certain time frame can also help mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
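As an added example (not Gleez CMS code, and not written by the advisory's author), the following Python sketch shows the two server-side mitigations the recommendations describe: a uniform failure response with a constant-cost credential check, so the login page does not reveal whether a username exists, and a per-IP sliding-window cap on failed attempts within a time frame. The user store, salts, passwords, IP address, thresholds and the injectable clock are constructed values for illustration, not anything from Gleez CMS.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque

# Constructed sample user store: username -> (salt, PBKDF2-SHA256 digest).
# Hypothetical format; it does not mirror how Gleez CMS stores credentials.
def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_SALT_ALICE = b"constructed-salt-1"
USERS = {"alice": (_SALT_ALICE, _pbkdf2("correct horse", _SALT_ALICE))}

# A dummy credential is verified for unknown usernames so that the cost of a
# request (and therefore its timing) is the same whether or not the user exists.
_DUMMY_SALT = b"constructed-dummy-salt"
_DUMMY_DIGEST = _pbkdf2("unused-dummy-password", _DUMMY_SALT)

GENERIC_FAILURE = "Invalid username or password."   # same text for both cases
RATE_LIMITED = "Too many login attempts. Try again later."


class LoginRateLimiter:
    """Sliding-window limit on failed login attempts per client IP address."""

    def __init__(self, max_attempts=5, window_seconds=300, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.window = window_seconds
        self.clock = clock              # injectable for deterministic testing
        self._failures = defaultdict(deque)   # ip -> timestamps of failures

    def _prune(self, ip, now):
        # Drop failures that fell out of the window before counting.
        q = self._failures[ip]
        while q and now - q[0] > self.window:
            q.popleft()
        return q

    def is_blocked(self, ip):
        return len(self._prune(ip, self.clock())) >= self.max_attempts

    def record_failure(self, ip):
        now = self.clock()
        self._prune(ip, now).append(now)

    def reset(self, ip):
        self._failures.pop(ip, None)


def login(limiter, ip, username, password):
    """Return an (HTTP status, message) pair for one login request."""
    if limiter.is_blocked(ip):
        return (429, RATE_LIMITED)
    salt, digest = USERS.get(username, (_DUMMY_SALT, _DUMMY_DIGEST))
    # The membership check is essential: without it, submitting the dummy
    # password for a non-existent user would authenticate.
    ok = hmac.compare_digest(_pbkdf2(password, salt), digest) and username in USERS
    if not ok:
        limiter.record_failure(ip)
        return (401, GENERIC_FAILURE)
    limiter.reset(ip)
    return (200, f"Welcome, {username}")
```

Both an unknown username and a wrong password for a known one produce the same 401 body after the same amount of hashing work, and once an IP has exhausted its failures inside the window, even a correct password is refused with 429 until the oldest failure ages out.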

Weakness Enumeration

Incorrect Permission
Improper Restriction of Excessive Authentication Attempts

Related Identifiers

CVE-2018-16703

Affected Products

Gleez Cms