PT-2023-31228 · Doracms · Doracms
Woshinibaba222 · Published 2023-12-08 · Updated 2023-12-11
CVE-2023-49443
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
DoraCMS version 2.1.8
Description
The application reuses the same code to verify usernames and passwords, which allows attackers to gain access via a brute-force attack because excessive authentication attempts are not restricted.
Recommendations
For DoraCMS version 2.1.8, update to a newer version that does not reuse the same verification code for usernames and passwords, so that brute-force attacks are prevented.
As a temporary workaround, consider restricting access to the login functionality to minimize the risk of exploitation.
Weakness Enumeration
Improper Restriction of Excessive Authentication Attempts
Related Identifiers
CVE-2023-49443
Affected Products
Doracms