Vulnerabilities > CVE-2023-49443 - Improper Restriction of Excessive Authentication Attempts vulnerability in Html-Js Doracms 2.1.8

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

html-js

CWE-307

critical

NVD

Published: 2023-12-08

Updated: 2023-12-11

Summary

DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack.

Vulnerable Configurations

Part	Description	Count
Application	Html-Js Html JS Doracms 2.1.8	1

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://github.com/woshinibaba222/DoraCMS-Verification-Code-Reuse