PT-2026-21311 · Unknown · Spotauditor
Sanjana Shetty · Published 2026-02-20 · Updated 2026-03-05
CVE-2019-25434
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
SpotAuditor version 5.3.1.0
Description
The application is susceptible to a denial of service condition. Unauthenticated attackers can cause the application to crash by providing an excessive amount of data (5000 bytes or more) in the registration name field. Specifically, entering a large string of characters in the registration name field triggers an unhandled exception, leading to application failure. The affected API endpoint is the registration form.
Recommendations
Limit the maximum length of the registration name field to prevent excessively large inputs.
Exploit
Fix
DoS
Stack Overflow
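The length limit recommended above, as an added example that is not SpotAuditor's code and not part of the advisory. It assumes the name is stored in a fixed-size buffer; `REG_NAME_MAX`, `struct registration` and the function names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Assumed limit for illustration; the advisory does not state the real one. */
#define REG_NAME_MAX 64

enum reg_status { REG_OK = 0, REG_EMPTY, REG_TOO_LONG, REG_BAD_ARG };

struct registration {
    char name[REG_NAME_MAX + 1];   /* fixed-size storage, always NUL-terminated */
};

/*
 * Validate and store a registration name taken from an untrusted input buffer.
 * `input` need not be NUL-terminated; `input_len` is the number of bytes received.
 * Oversized input is rejected rather than truncated, so the caller can report it.
 */
enum reg_status set_registration_name(struct registration *reg,
                                      const char *input, size_t input_len)
{
    if (reg == NULL || input == NULL)
        return REG_BAD_ARG;

    /* Inspect at most REG_NAME_MAX + 1 bytes, however large the input is. */
    size_t limit = (size_t)REG_NAME_MAX + 1;
    if (input_len < limit)
        limit = input_len;
    const char *nul = memchr(input, '\0', limit);
    size_t len = nul ? (size_t)(nul - input) : limit;

    if (len == 0)
        return REG_EMPTY;
    if (len > REG_NAME_MAX)
        return REG_TOO_LONG;       /* stored name is left unchanged */

    memcpy(reg->name, input, len);
    reg->name[len] = '\0';
    return REG_OK;
}

/* Constructed sample: a 5000-byte name, the size cited in the description. */
enum reg_status try_oversized_name(struct registration *reg)
{
    char big[5000];
    memset(big, 'A', sizeof big);
    return set_registration_name(reg, big, sizeof big);
}
```

The same limit should also be set on the input control itself, so the check in code is a second line of defence and not the only one.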
Affected Products
Spotauditor