Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Filament: Timing-based user enumeration on login page
Vulnerability Description
Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the login page has an observable timing discrepancy that allows unauthenticated attackers to enumerate registered email addresses. The impact is limited to disclosing whether an account exists for a given email. This vulnerability is fixed in 4.11.5 and 5.6.5.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
通过时间差异性导致的信息暴露
Vulnerability Title
filamentphp filament 信息泄露漏洞
Vulnerability Description
filamentphp filament是filamentphp团队开源的一套Laravel后台管理面板。 filamentphp filament 4.0.0版本至4.11.5之前版本和5.0.0版本至5.6.5之前版本存在信息泄露漏洞,该漏洞源于登录页面存在可观察的时间差异,可能导致未经身份验证的攻击者枚举已注册的电子邮件地址。
CVSS Information
N/A
Vulnerability Type
N/A