The application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to information gathering.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NSick Field Analytics
APPSickwszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2025-49199HIGH8.8ten sam produkt
The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a ...
CVE-2025-49184HIGH7.5ten sam produkt
A remote unauthorized attacker may gather sensitive information of the application, due to missing authorizati...
CVE-2025-49186MEDIUM5.3ten sam produkt
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a...
CVE-2025-49190MEDIUM4.3ten sam produkt
The application is vulnerable to Server-Side Request Forgery (SSRF). An endpoint can be used to send server in...
CVE-2025-49187MEDIUM5.3ten sam produkt
For failed login attempts, the application returns different error messages depending on whether the login fai...