CVE-2021-31646

EUVD-2021-18534
Gestsup before 3.2.10 allows account takeover through the password recovery functionality (remote). The affected component is the file forgot_pwd.php - it uses a weak algorithm for the generation of password recovery tokens (the PHP uniqueid function), allowing a brute force attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Affected Products (NVD)
VendorProductVersion
gestsupgestsup
𝑥
< 3.2.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://dojo.maltem.ca/public/advisories/CVE-2021-31646.html
https://gestsup.fr/index.php?page=download
https://gestsup.fr/index.php?page=download&channel=beta&version=3.2.10&type=patch
https://dojo.maltem.ca/public/advisories/CVE-2021-31646.html
https://gestsup.fr/index.php?page=download
https://gestsup.fr/index.php?page=download&channel=beta&version=3.2.10&type=patch