Vulnerabilities > CVE-2022-30076 - Unspecified vulnerability in Entab ERP 1.0

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

entab

NVD

Published: 2023-04-16

Updated: 2023-04-26

Summary

ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting.

Vulnerable Configurations

Part	Description	Count
Application	Entab Entab ERP 1.0	1

References

http://packetstormsecurity.com/files/171777/ENTAB-ERP-1.0-Information-Disclosure.html