François Mehault

3 exploits, active since Nov 2022
CVE-2022-37772 HIGH WRITEUP
Maarch RM 2.8-2.8.5 - Unauthenticated Excessive Authentication Attempts via Verbose Responses
Maarch RM 2.8.3 does not adequately restrict repeated authentication attempts (CWE-307), and the application's overly verbose responses to those attempts make the weakness easier to exploit. An unauthenticated remote attacker can therefore submit credentials against the authentication endpoint as often as they like, potentially compromising accounts.
CVSS 7.5
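To make the two halves of this finding concrete (no limit on attempts, and responses that help the attacker), here is an added illustration that is not Maarch RM code and does not reproduce the product's actual responses: a deliberately weak login handler beside a throttled one with a single generic failure message, driven by a small brute-force loop. The user store, password digest, wordlist, thresholds and message strings are all constructed for the example.

```python
"""Weak vs. hardened login handling under a brute-force attempt.

Added illustration, not Maarch RM code: the user store, password hashing,
wordlist, thresholds and response strings are all constructed for the example.
"""
import hashlib
import hmac
import time

_SALT = b"constructed-salt"


def _digest(password):
    """Salted SHA-256; stands in for a real password hash in this example."""
    return hashlib.sha256(_SALT + password.encode()).hexdigest()


# Constructed user store: username -> password digest.
USERS = {"alice": _digest("Winter2022!")}

# Constructed candidate list an attacker might iterate over.
WORDLIST = ["password", "admin", "Summer2022!", "Winter2022!", "letmein"]


def weak_login(user, password):
    """Verbose and unthrottled: tells the caller whether the user exists and
    never refuses further attempts."""
    if user not in USERS:
        return False, "unknown user"
    if not hmac.compare_digest(USERS[user], _digest(password)):
        return False, "wrong password for " + user
    return True, "ok"


class ThrottledLogin:
    """Hardened handler: one generic failure message, and a per-account
    lockout once MAX_FAILURES failures occur within LOCKOUT_SECONDS."""

    MAX_FAILURES = 3
    LOCKOUT_SECONDS = 900
    GENERIC = "invalid credentials"

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.failures = {}  # user -> list of failure timestamps

    def _recent_failures(self, user):
        now = self.clock()
        recent = [t for t in self.failures.get(user, []) if now - t < self.LOCKOUT_SECONDS]
        self.failures[user] = recent
        return len(recent)

    def login(self, user, password):
        if self._recent_failures(user) >= self.MAX_FAILURES:
            return False, self.GENERIC  # locked out; the message does not say so
        stored = USERS.get(user)
        # Always run the comparison (against a dummy digest for unknown users)
        # so response time does not reveal whether the account exists.
        match = hmac.compare_digest(stored or _digest(""), _digest(password))
        if stored is None or not match:
            self.failures.setdefault(user, []).append(self.clock())
            return False, self.GENERIC
        self.failures.pop(user, None)
        return True, "ok"


def brute_force(handler, user, wordlist):
    """Try each candidate in order; return (attempts made, password found or None)."""
    for attempts, candidate in enumerate(wordlist, start=1):
        ok, _ = handler(user, candidate)
        if ok:
            return attempts, candidate
    return len(wordlist), None
```

Against `weak_login` the loop recovers the password on the fourth try and the two distinct messages also confirm which usernames exist; against `ThrottledLogin` the account locks after three failures and the correct password is refused for the rest of the window, with an identical message for unknown and locked accounts. A hard per-account lockout can itself be abused to deny service to legitimate users, so production deployments usually combine it with per-source throttling or progressive delays rather than relying on lockout alone.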
CVE-2022-37773 MEDIUM WRITEUP
Maarch RM 2.7-2.8.5 - Authenticated SQL Injection via Statistics Page Filter Parameter
An authenticated SQL injection in the statistics page (/statistics/retrieve) of Maarch RM 2.8, via the filter parameter, allows complete disclosure of all databases. Exploitation requires a valid account, which is why the rating is Medium despite the full loss of confidentiality.
CVSS 6.5
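The following is an added illustration of the vulnerability class, not Maarch RM code: the statistics table, user table and injection payloads are constructed for the example, and the product's real schema and query are not reproduced. It runs a filter value through a query built by string concatenation and through the parameterised equivalent, against an in-memory SQLite database, and shows how a single filter parameter can be turned into a read of other tables and of the schema catalogue.

```python
"""A filter parameter spliced into SQL (CWE-89) beside a bound parameter.

Added illustration, not Maarch RM code: tables, rows and payloads are constructed.
"""
import sqlite3


def make_db():
    """Constructed sample data: a statistics table and a table worth stealing."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE archive_stats (id INTEGER PRIMARY KEY, status TEXT, size INTEGER);
        CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, password_hash TEXT);
        INSERT INTO archive_stats VALUES (1, 'preserved', 1024), (2, 'disposed', 512);
        INSERT INTO users VALUES (1, 'admin', 'h4sh3d');
    """)
    return con


def stats_vulnerable(con, status_filter):
    """Filter value becomes part of the SQL text, so quotes in it change the query."""
    sql = ("SELECT id, status, size FROM archive_stats WHERE status = '"
           + status_filter + "'")
    return con.execute(sql).fetchall()


def stats_parameterised(con, status_filter):
    """Filter value is bound as data; the driver never parses it as SQL."""
    sql = "SELECT id, status, size FROM archive_stats WHERE status = ?"
    return con.execute(sql, (status_filter,)).fetchall()


# Constructed payloads. Each closes the string literal, appends a UNION with
# the same column count as the original SELECT (3), and comments out the
# trailing quote the application adds.
ROW_PAYLOAD = "x' UNION SELECT id, login, password_hash FROM users --"
SCHEMA_PAYLOAD = "x' UNION SELECT name, sql, 0 FROM sqlite_master --"


def tables_via_injection(con):
    """Enumerate table names through the vulnerable endpoint; sqlite_master
    plays the role information_schema would on other engines."""
    return sorted(row[0] for row in stats_vulnerable(con, SCHEMA_PAYLOAD))
```

With the catalogue table readable through the same parameter, an attacker can walk every table and column in turn, which is what "complete disclosure of all databases" amounts to in practice. The fix is the bound parameter: the same payload passed to `stats_parameterised` simply matches no row.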
CVE-2022-37774 MEDIUM WRITEUP
Maarch RM 2.8-2.8.6 - Unauthenticated Document Access via MD5 Hash URL
There is a broken access control vulnerability in Maarch RM 2.8.3. When certain document types (PDF, email) are opened from an archive, the application offers a preview and builds the preview URL from an MD5 hash of the file. That URL (https://{url}/tmp/{MD5 hash of the document}) is then served without any authentication check, so anyone who obtains the link can retrieve the document without logging in.
CVSS 5.3
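To contrast the broken pattern with a safe one, here is an added illustration that is not Maarch RM code: a preview path derived from the file's MD5 and served to anyone, beside a preview link that requires a logged-in session, is bound to that session's user with an HMAC, and expires. The document store, session table, server secret, URL layout and lifetime are all assumptions made for the example.

```python
"""Preview links: predictable unauthenticated path vs. signed, expiring, session-bound link.

Added illustration, not Maarch RM code. Documents, sessions, the secret and
the URL layout are constructed for the example.
"""
import hashlib
import hmac
import time

SECRET = b"constructed-server-secret"                  # assumption: server-side key
SESSIONS = {"sess-123": "alice", "sess-456": "bob"}    # assumption: session id -> user
DOCUMENTS = {"doc-1": b"%PDF-1.4 constructed sample"}  # assumption: document id -> bytes
PREVIEW_TTL = 300                                       # seconds a link stays valid


def weak_preview_path(doc_id):
    """The broken pattern: /tmp/<md5 of the file>. Nothing about the caller
    is checked, so the link is a bearer credential for the document."""
    return "/tmp/" + hashlib.md5(DOCUMENTS[doc_id]).hexdigest()


def weak_fetch(path):
    """Serves the file to whoever presents the path; no session required."""
    for data in DOCUMENTS.values():
        if path == "/tmp/" + hashlib.md5(data).hexdigest():
            return data
    return None


def _sign(doc_id, user, exp):
    msg = "{}|{}|{}".format(doc_id, user, exp).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def make_preview_url(doc_id, session_id, now=None):
    """Issued only to a logged-in user; the signature covers document, user and expiry."""
    user = SESSIONS[session_id]
    exp = int(now if now is not None else time.time()) + PREVIEW_TTL
    return "/preview/{}?exp={}&sig={}".format(doc_id, exp, _sign(doc_id, user, exp))


def serve_preview(url, session_id, now=None):
    """Return the document bytes, or None when any check fails:
    no valid session, malformed or expired link, or a signature that does
    not match this document for this session's user."""
    user = SESSIONS.get(session_id)
    if user is None:
        return None                                   # unauthenticated request
    path, _, query = url.partition("?")
    if not path.startswith("/preview/"):
        return None
    doc_id = path[len("/preview/"):]
    params = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
    try:
        exp = int(params.get("exp", ""))
    except ValueError:
        return None
    now = now if now is not None else time.time()
    if now >= exp:
        return None                                   # link expired
    if not hmac.compare_digest(params.get("sig", ""), _sign(doc_id, user, exp)):
        return None                                   # tampered, or another user's link
    return DOCUMENTS.get(doc_id)
```

The MD5 path fails for two independent reasons: the handler performs no authentication at all, and the hash is a property of the file rather than of the request, so the same link works for everyone forever. The signed variant fixes both, and because the signature includes the user, a link copied from one user's browser is useless in another's session. Binding the link to a session also means a leaked URL from a log or browser history stops being a document disclosure.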