CVE-2024-22647

An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/cassis-sec/CVE/tree/main/2024/CVE-2024-22647	Exploit Third Party Advisory
https://github.com/cassis-sec/CVE/tree/main/2024/CVE-2024-22647	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:seopanel:seo_panel:4.10.0:*:*:*:*:*:*:*

History

21 Nov 2024, 08:56

Type	Values Removed	Values Added
References	~~() https://github.com/cassis-sec/CVE/tree/main/2024/CVE-2024-22647 - Exploit, Third Party Advisory~~	() https://github.com/cassis-sec/CVE/tree/main/2024/CVE-2024-22647 - Exploit, Third Party Advisory

03 Feb 2024, 00:29

Type	Values Removed	Values Added
CPE		cpe:2.3:a:seopanel:seo_panel:4.10.0:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
CWE		CWE-203
References	~~() https://github.com/cassis-sec/CVE/tree/main/2024/CVE-2024-22647 -~~	() https://github.com/cassis-sec/CVE/tree/main/2024/CVE-2024-22647 - Exploit, Third Party Advisory
First Time		Seopanel Seopanel seo Panel

30 Jan 2024, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-30 07:15

Updated : 2024-11-21 08:56

NVD link : CVE-2024-22647

Mitre link : CVE-2024-22647

CVE.ORG link : CVE-2024-22647

JSON object : View

Products Affected

seopanel

seo_panel

CWE

CWE-203

Observable Discrepancy

5.3 /10