PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote attackers to bypass intended GET restrictions via a brute-force approach, as demonstrated by "GET /login.html__passwd1" and "GET /login.html__passwd2" and so on.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.vulnerability-lab.com/get_content.php?id=2110 |
![]() ![]() |
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-09-16T20:41:47.153Z
Reserved: 2018-12-22T00:00:00Z
Link: CVE-2018-20371

No data.

Status : Modified
Published: 2018-12-23T02:29:00.437
Modified: 2024-11-21T04:01:20.547
Link: CVE-2018-20371

No data.