MEDIUM🇬🇧 English

CVE-2025-8546

CVSS 5.5v4.0pub. 2025-08-05upd. 2025-09-03

A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects the function adminlogin/login of the component Verification Code Handler. The manipulation leads to guessable captcha. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The patch is named ecaf8d46944fd03e3c4ea05698f8acf0aaa570cf. It is recommended to apply a patch to fix this issue.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Pybbs Project Pybbs

    APP
    Pybbs Project
    ≤ 6.0.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2020-28702HIGH7.5ten sam produkt

A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 allows attackers to access sensitive datab...

CVE-2025-8547MEDIUM5.5ten sam produkt

A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as critical. This vulnerability affec...

CVE-2022-23391MEDIUM6.1ten sam produkt

A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attackers to execute arbitrary web scripts or ...

CVE-2025-12297LOW2.1ten sam produkt

W oprogramowaniu atjiu pybbs do wersji 6.0.0 wykryto lukę bezpieczeństwa dotyczącą nieznanej funkcji w pliku U...

CVE-2025-8812LOW1.9ten sam produkt

A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an un...