funnyzpc Mee-Admin Login login observable response discrepancy

A vulnerability classified as problematic was found in funnyzpc Mee-Admin up to 1.6. This vulnerability affects unknown code of the file /mee/login of the component Login. The manipulation of the argument username leads to observable response discrepancy. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

响应差异性信息暴露

mee-admin 安全漏洞

mee-admin是funnyzpc个人开发者的一个开源后台管理系统。 mee-admin 1.6之前版本存在安全漏洞，该漏洞源于文件/mee/login的参数username会导致可观察到的响应差异。

N/A

N/A