CVE-2019-18986
Published
Severity
CVSS v3: 7.5 HIGH
CVSS v2: 5 MEDIUM
Description
Pimcore before 6.2.2 allows attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality, as it returns distinct messages for invalid password and non-existing users.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:* | n/a | 6.2.2 | * |