CVE-2024-22646
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Jan 30, 2024
Updated: Feb 3, 2024
CWE ID 209
Summary
CVE-2024-22646 is a newly disclosed email address enumeration vulnerability affecting the password reset function of SEO Panel version 4.10.0. An attacker can exploit this flaw to guess which email addresses are in use on the targeted system, increasing the risk of targeted phishing or brute force attacks. The vulnerability arises due to insufficient input validation in the password reset process. Users are urged to update their SEO Panel installation as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share