Mesbook
CVE-2024-6425
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from Vendor (incibe) · only source for this CVE.
CVSS VectorVendor: incibe
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionCVE.org
Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route "/account/Register/" and in the parameters "UserName=<RANDOMUSER>&Password=<PASSWORD>&ConfirmPassword=<PASSWORD-REPEAT>".
AnalysisAI
Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-684. Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route "/account/Register/" and in the parameters "UserName=<RANDOMUSER>&Password=<PASSWORD>&ConfirmPassword=<PASSWORD-REPEAT>". Affected products include: Mesbook.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated a
Uncontrolled Resource Consumption vulnerability in MESbook 20221021.03 version. Rated high severity (CVSS 7.5), this vul
Information exposure vulnerability in MESbook 20221021.03 version, the exploitation of which could allow a local attacke
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today