CVE-2022-30076
ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
n/a · n/a
Public PoCs found — 2
cve_reference: packetstormsecurity.com/files/171777/ENTAB-ERP-1.0-Information-Disclosure.html (unverified)
exploitdb: www.exploit-db.com/exploits/51335 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.