9.1

CVE-2024-6425

Incorrect Provision of Specified Functionality vulnerability in MESbook

Incorrect Provision of Specified Functionality vulnerability in MESbook version 20221021.03. An unauthenticated remote attacker can register user accounts through the route "/account/Register/" using the parameters "UserName=<RANDOMUSER>&Password=<PASSWORD>&ConfirmPassword=<PASSWORD-REPEAT>".
Data provided by the National Vulnerability Database (NVD)
Mesbook Mesbook Version 20221021.03
No warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
| --- | --- | --- | --- |
| EPSS | FIRST.org | 0.54% | 0.413 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
| --- | --- | --- | --- | --- |
| cve-coordination@incibe.es | 9.1 | 3.9 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |

CWE-684 Incorrect Provision of Specified Functionality

The code does not function according to its published specifications, potentially leading to incorrect usage.

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-mesbook
Third Party Advisory