CVE-2019-17240

Published October 6th, 2019

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.

bludit/bludit

Simple, Fast, Secure, Flat-File CMS

GitHub

1.43K