Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 15/02/2023 Updated: 24/02/2023

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

Kiwi TCMS, an open source test management system, does not impose rate limits in versions before 12.0. This makes it easier to attempt brute-force attacks against the login page. Users should upgrade to v12.0 or later to receive a patch. As a workaround, users may install and configure a rate-limiting proxy in front of Kiwi TCMS.

Vulnerable Product	Search on Vulmon	Subscribe to Product
kiwitcms kiwi tcms

CWE-307 https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-7968-h4m4-ghm9 https://huntr.dev/bounties/2b1a9be9-45e9-490b-8de0-26a492e79795/https://kiwitcms.org/blog/kiwi-tcms-team/2023/02/15/kiwi-tcms-120/https://github.com/kiwitcms/Kiwi/commit/0ed213fa0ddb7a6dc77e3c3b99e8fc90ccdaf46f https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-25156

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect