HIGH🇵🇱 Wersja polska

CVE-2020-18220

CVSS 7.5v3.1pub. 2021-05-20upd. 2024-11-21

Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Html Js Doracms

    APP
    Html-Js
    ≤ 2.1.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-51840CRITICAL9.8PL ✓ten sam produkt

DoraCMS 2.1.8 — użycie zakodowanego na stałe klucza kryptograficznego

CVE-2023-49443CRITICAL9.8PL ✓ten sam produkt

DoraCMS – podatność na atak brute-force przez ponowne użycie kodu weryfikacyjnego

CVE-2022-35147CRITICAL9.8ten sam produkt

DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request.

CVE-2024-28715HIGH8.8ten sam produkt

Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary ...

CVE-2026-3794MEDIUM5.5ten sam produkt

A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the fi...