Lin-CMS-Flask vulnerable to Improper Authentication

GHSA-h6r2-pgvx-683c · CVE-2020-18698 · PYSEC-2021-339

Published May 24, 2022 · Modified Jun 10, 2026

Description

Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component app/api/cms/user.py.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-18698
WEB https://github.com/TaleLin/lin-cms-flask/issues/27
WEB https://cwe.mitre.org/data/definitions/307.html
PACKAGE https://github.com/TaleLin/lin-cms-flask
WEB https://github.com/pypa/advisory-database/tree/main/vulns/lin-cms/PYSEC-2021-339.yaml

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes