François Mehault

3 exploits Active since Nov 2022
CVE-2022-37772 WRITEUP HIGH
Maarch RM < 2.8.6 - Brute Force
The Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due to excessively verbose responses from the application. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts.
CVSS 7.5
CVE-2022-37773 WRITEUP MEDIUM
Maarch RM < 2.8.6 - SQL Injection
An authenticated SQL Injection vulnerability in the statistics page (/statistics/retrieve) of Maarch RM 2.8, via the filter parameter, allows the complete disclosure of all databases.
CVSS 6.5
CVE-2022-37774 WRITEUP MEDIUM
Maarch RM < 2.8.6 - Authentication Bypass
There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When a user accesses certain documents (PDF, email) from an archive, the application offers a preview. This preview generates a URL that includes an MD5 hash of the accessed file. The document's URL (https://{url}/tmp/{MD5 hash of the document}) is then accessible without authentication.
CVSS 5.3