Flarum
CVE-2018-19133
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address.
AnalysisAI
In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address. Affected products include: Flarum.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
Flarum is open source discussion platform software. Rated medium severity (CVSS 6.5), this vulnerability is remotely exp
Flarum is a forum software for building communities. Rated critical severity (CVSS 10.0), this vulnerability is remotely
Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings. Rated hig
Flarum is a forum software for building communities. Rated medium severity (CVSS 4.3), this vulnerability is remotely ex
User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens. Rated h
Flarum is an open source forum software. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low
Flarum is open-source forum software. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no a
Flarum is a forum software for building communities. Rated medium severity (CVSS 5.4), this vulnerability is remotely ex
Flarum is an open source discussion platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitab
flarum is a forum software package for building communities. Rated medium severity (CVSS 4.9), this vulnerability is rem
Flarum is a discussion platform for websites. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable,
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today