CVE-2024-22646

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jan 30, 2024

Updated: Feb 3, 2024

CWE ID 209

Summary

CVE-2024-22646 is a newly disclosed email address enumeration vulnerability affecting the password reset function of SEO Panel version 4.10.0. An attacker can exploit this flaw to guess which email addresses are in use on the targeted system, increasing the risk of targeted phishing or brute force attacks. The vulnerability arises due to insufficient input validation in the password reset process. Users are urged to update their SEO Panel installation as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uGxwr7
https://www.cve.org/CVERecord?id=CVE-2024-22646
https://nvd.nist.gov/vuln/detail/CVE-2024-22646

Back to Vulnerability Database

CVE-2024-22646

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations