Vulnerabilities

CVE-2024-6425

by Fred · 01/07/2024

Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route “/account/Register/” and in the parameters “UserName=&Password=&ConfirmPassword=“.

More information : https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-mesbook

Similar

Tags: Cybersecurity Alert