Description

An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system.

Remediation

References

CVE-2024-22646

Related Vulnerabilities

Drupal Core 9.3.x Security Bypass (9.3.0 - 9.3.15)

MediaWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2020-10960)

Drupal Core 9.1.x Cross-Site Request Forgery (9.1.0 - 9.1.12)

IBM RTC CVE-2019-4084 Vulnerability (CVE-2019-4084)

WordPress 5.4.x Directory Traversal (5.4 - 5.4.15)

Severity

Medium

Classification

CVE-2024-22646 CWE-209 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities