mtons mblog har 3.5.0 /settings/password Bayani fitowa

Hakika vulnerability da aka rarraba a matsayin karshewa an gano a mtons mblog har 3.5.0. Tabbas, aikin $software_function ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil /settings/password, a cikin sashi $software_component. Wuro manipulation ga Bayani fitowa. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-307. Lalle, rauni an sanar da shi 08/13/2025 da ICPMIR. Ana samun bayanin tsaro don saukewa a gitee.com. Ana kiran wannan rauni da CVE-2025-9004. Ngam yiɗi ka a tuma ndiyam ka nder internet. Bayani na fasaha ga. Kuma, akwai exploit. Exploit ɗin an bayyana wa jama'a, za a iya amfani da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á yí huɗɗi-na-gaskiya. Za a iya samun exploit a gitee.com. 0-day ga, an ndiyam a wuro be $0-$5k. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

4 Goyarwa · 87 Datenpunkte

FurɗeSúgá
08/13/2025 21:26		Gargadi 1/3
08/15/2025 09:27		Gargadi 2/3
08/19/2025 03:21		Gargadi 3/3
08/19/2025 15:01
cvss4_vuldb_ePPPP
cvss2_vuldb_rlNDNDNDND
cvss3_vuldb_rlXXXX
cvss4_vuldb_atNNNN
cvss4_vuldb_scNNNN
cvss4_vuldb_siNNNN
cvss4_vuldb_saNNNN
cvss2_vuldb_basescore2.62.62.62.6
cvss2_vuldb_tempscore2.22.22.22.2
cvss3_vuldb_basescore3.73.73.73.7
cvss3_vuldb_tempscore3.43.43.43.4
cvss3_meta_basescore3.73.73.73.7
cvss3_meta_tempscore3.43.53.53.5
cvss4_vuldb_bscore6.36.36.36.3
cvss4_vuldb_btscore2.92.92.92.9
advisory_date1755036000 (08/13/2025)1755036000 (08/13/2025)1755036000 (08/13/2025)1755036000 (08/13/2025)
price_0day$0-$5k$0-$5k$0-$5k$0-$5k
software_vendormtonsmtonsmtonsmtons
software_namemblogmblogmblogmblog
software_version<=3.5.0<=3.5.0<=3.5.0<=3.5.0
software_file/settings/password/settings/password/settings/password/settings/password
vulnerability_cweCWE-307 (Bayani fitowa)CWE-307 (Bayani fitowa)CWE-307 (Bayani fitowa)CWE-307 (Bayani fitowa)
vulnerability_risk1111
cvss3_vuldb_avNNNN
cvss3_vuldb_acHHHH
cvss3_vuldb_prNNNN
cvss3_vuldb_uiNNNN
cvss3_vuldb_sUUUU
cvss3_vuldb_cLLLL
cvss3_vuldb_iNNNN
cvss3_vuldb_aNNNN
cvss3_vuldb_ePPPP
cvss3_vuldb_rcRRRR
advisory_identifierICPMIRICPMIRICPMIRICPMIR
advisory_urlhttps://gitee.com/mtons/mblog/issues/ICPMIRhttps://gitee.com/mtons/mblog/issues/ICPMIRhttps://gitee.com/mtons/mblog/issues/ICPMIRhttps://gitee.com/mtons/mblog/issues/ICPMIR
exploit_availability1111
exploit_publicity1111
exploit_urlhttps://gitee.com/mtons/mblog/issues/ICPMIRhttps://gitee.com/mtons/mblog/issues/ICPMIRhttps://gitee.com/mtons/mblog/issues/ICPMIRhttps://gitee.com/mtons/mblog/issues/ICPMIR
source_cveCVE-2025-9004CVE-2025-9004CVE-2025-9004CVE-2025-9004
cna_responsibleVulDBVulDBVulDBVulDB
cvss2_vuldb_avNNNN
cvss2_vuldb_acHHHH
cvss2_vuldb_auNNNN
cvss2_vuldb_ciPPPP
cvss2_vuldb_iiNNNN
cvss2_vuldb_aiNNNN
cvss2_vuldb_ePOCPOCPOCPOC
cvss2_vuldb_rcURURURUR
cvss4_vuldb_avNNNN
cvss4_vuldb_acHHHH
cvss4_vuldb_prNNNN
cvss4_vuldb_uiNNNN
cvss4_vuldb_vcLLLL
cvss4_vuldb_viNNNN
cvss4_vuldb_vaNNNN
cve_nvd_summaryA vulnerability was found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.A vulnerability was found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.A vulnerability was found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
cvss4_cna_avNNN
cvss4_cna_acHHH
cvss4_cna_atNNN
cvss4_cna_prNNN
cvss4_cna_uiNNN
cvss4_cna_vcLLL
cvss4_cna_viNNN
cvss4_cna_vaNNN
cvss4_cna_scNNN
cvss4_cna_siNNN
cvss4_cna_saNNN
cvss4_cna_bscore6.36.36.3
cvss3_cna_avNNN
cvss3_cna_acHHH
cvss3_cna_prNNN
cvss3_cna_uiNNN
cvss3_cna_sUUU
cvss3_cna_cLLL
cvss3_cna_iNNN
cvss3_cna_aNNN
cvss3_cna_basescore3.73.73.7
cvss2_cna_avNNN
cvss2_cna_acHHH
cvss2_cna_auNNN
cvss2_cna_ciPPP
cvss2_cna_iiNNN
cvss2_cna_aiNNN
cvss2_cna_basescore2.62.62.6
cve_nvd_summaryesSe encontró una vulnerabilidad en mtons mblog hasta la versión 3.5.0. Este problema afecta a un procesamiento desconocido del archivo /settings/password. La manipulación provoca una restricción indebida de intentos de autenticación excesivos. El ataque puede ejecutarse en remoto. Es un ataque de complejidad bastante alta. Parece difícil de explotar. Se ha hecho público el exploit y puede que sea utilizado.Se encontró una vulnerabilidad en mtons mblog hasta la versión 3.5.0. Este problema afecta a un procesamiento desconocido del archivo /settings/password. La manipulación provoca una restricción indebida de intentos de autenticación excesivos. El ataque puede ejecutarse en remoto. Es un ataque de complejidad bastante alta. Parece difícil de explotar. Se ha hecho público el exploit y puede que sea utilizado.
euvd_idEUVD-2025-24978

GurɗoGumtiGada

Do you know our Splunk app?

Download it now for free!