CVE-2024-6425
CVSS V2 None
CVSS V3 None
Description
Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route "/account/Register/" and in the parameters "UserName=<RANDOMUSER>&Password=<PASSWORD>&ConfirmPassword=<PASSWORD-REPEAT>".
Overview
- CVE ID
- CVE-2024-6425
- Assigner
- INCIBE
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-07-01T12:56:20.984Z
- Last Modified Date
- 2024-07-01T12:57:13.891Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-mesbook |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-6425 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6425 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-07-02 13:03:42 | Added to TrackCVE |