CVE-2020-35952

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 03/01/2021
Last modified: 11/01/2021

Description

login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single "Incorrect username or password" message in both cases), which might allow enumeration.
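
The difference between the behaviour described above and a uniform response, as an added example that is not PHPFusion's code or its fix. It goes one step beyond the description by also verifying a dummy hash for unknown usernames, so that response time does not separate the two failure cases. The function names, the user store and the sample credentials are hypothetical and constructed for illustration.

```php
<?php
// Added example, not PHPFusion code. Function names and the user store are hypothetical.

const GENERIC_ERROR = 'Incorrect username or password';

// Constructed sample user store: username => password hash.
function sample_users(): array {
    return ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
}

// Behaviour the CVE describes: the message reveals which field was wrong.
function login_distinguishing(array $users, string $user, string $pass): string {
    if (!isset($users[$user])) {
        return 'Incorrect username';
    }
    if (!password_verify($pass, $users[$user])) {
        return 'Incorrect password';
    }
    return 'OK';
}

// Uniform form: one message for both failures, and a hash is verified even
// for unknown users so both failure paths do the same amount of work.
function login_uniform(array $users, string $user, string $pass, string $dummyHash): string {
    $known = isset($users[$user]);
    $hash = $known ? $users[$user] : $dummyHash;
    $ok = password_verify($pass, $hash);
    return ($known && $ok) ? 'OK' : GENERIC_ERROR;
}

$users = sample_users();
// Dummy hash created with the same algorithm and cost as real hashes.
$dummy = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

// Constructed login attempts: wrong password, unknown user, valid login.
$attempts = [['alice', 'wrong'], ['nobody', 'wrong'], ['alice', 'correct horse']];
foreach ($attempts as [$u, $p]) {
    printf("%-7s distinguishing=%-20s uniform=%s\n", $u,
        login_distinguishing($users, $u, $p),
        login_uniform($users, $u, $p, $dummy));
}
```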

Vulnerable products and versions

CPE: cpe:2.3:a:php-fusion:php-fusion:*:*:*:*:*:*:*:*
From: 9.0 (including)
Up to: 9.03.90 (excluding)


References to Advisories, Solutions, and Tools