A User enumeration vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to obtain email addresses via the "Add a user" feature. The vulnerability occurs due to insufficiently validated user input being processed as a regular expression, which is then matched against email addresses to find duplicate entries.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2024-48572 |
History
Wed, 30 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Aquila
Aquila cms |
|
Weaknesses | CWE-276 | |
CPEs | cpe:2.3:a:aquila:cms:*:*:*:*:*:*:*:* | |
Vendors & Products |
Aquila
Aquila cms |
|
Metrics |
ssvc
|
Tue, 29 Oct 2024 21:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A User enumeration vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to obtain email addresses via the "Add a user" feature. The vulnerability occurs due to insufficiently validated user input being processed as a regular expression, which is then matched against email addresses to find duplicate entries. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-10-29T00:00:00
Updated: 2024-10-30T14:31:32.183Z
Reserved: 2024-10-08T00:00:00
Link: CVE-2024-48572
Vulnrichment
Updated: 2024-10-30T14:31:25.417Z
NVD
Status : Awaiting Analysis
Published: 2024-10-29T22:15:03.913
Modified: 2024-11-01T12:57:35.843
Link: CVE-2024-48572
Redhat
No data.