The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests.
oryginał ENAV:N/AC:L/Au:N/C:P/I:N/A:NSoftaculous Webuzo
APPSoftaculous2.1.02.1.12.1.2≤ 2.1.3
Powiązane podatności
Softaculous Webuzo — pominięcie uwierzytelnienia przez reset hasła
Softaculous Webuzo contains a command injection in the password reset functionality. A remote, authenticated a...
Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, a...
index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell m...
Cross-site scripting (XSS) vulnerability in filemanager/login.php in the File Manager module in Softaculous We...