CVE Daily

CVE-2019-19735

class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure m...

Critical CVSS 9.1

Overview

class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set the password within a few hours by bruteforcing.

CWE: CWE-916 Published: 2019-12-30T17:15:20.203
Risk analysis

This vulnerability is rated 🔴 CRITICAL.

  • CVSS: 9.1 (CRITICAL)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags