index.php?r=site%2Flogin in EduSec through 4.2.6 does not...
Critical severity (Unreviewed)
Published May 13, 2022 to the GitHub Advisory Database • Updated Feb 1, 2023
Description
Published by the National Vulnerability Database: Nov 26, 2018
index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm[username] and LoginForm[password] parameters, which might make it easier for remote attackers to obtain access via a brute-force approach.
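Because the application itself does not limit repeated login submissions, the web server's access log is one place to spot them. The following detection sketch is an added example, not code from EduSec or from this advisory; it assumes combined-format access logs, and the threshold, window, helper names and sample log lines (documentation-range IPs) are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Combined-log-format fields used: client IP, timestamp, method, request target, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def is_login_post(method, target):
    """True for POSTs to index.php whose r parameter decodes to site/login."""
    parts = urlsplit(target)
    route = parse_qs(parts.query).get("r", [""])[0]  # parse_qs decodes %2F to /
    return method == "POST" and parts.path.endswith("/index.php") and route == "site/login"

def flag_bruteforce(lines, limit=5, window=timedelta(seconds=60)):
    """Return {ip: peak count} for clients exceeding `limit` login POSTs within `window`."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the sliding window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_login_post(m.group(3), m.group(4)):
            continue
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop submissions older than the window
            q.popleft()
        if len(q) > limit:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

def _line(ip, sec, method="POST", target="/index.php?r=site%2Flogin", status=200):
    # Builds one constructed combined-format log line (assumed layout).
    return f'{ip} - - [26/Nov/2018:10:00:{sec:02d} +0000] "{method} {target} HTTP/1.1" {status} 512'

# Constructed sample: 198.51.100.7 submits the login form 8 times in 16 s;
# 203.0.113.9 submits once and then browses normally.
SAMPLE = [_line("198.51.100.7", s) for s in range(0, 16, 2)]
SAMPLE += [_line("203.0.113.9", 5, status=302),
           _line("203.0.113.9", 6, method="GET", target="/index.php?r=site%2Findex")]

if __name__ == "__main__":
    print(flag_bruteforce(SAMPLE))
```

Counting per source IP misses attempts spread across many addresses, so the same window logic keyed on the submitted LoginForm[username] inside the application is the complementary control.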
References