CVE-2025-8742
BaseFortify
Publication date: 2025-08-08
Last updated on: 2025-09-02
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| macrozheng | mall | up to 1.0.3 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
| CWE-799 | The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in macrozheng mall version 1.0.3, specifically in the Admin Login component. It involves improper restriction of excessive authentication attempts, meaning that the system does not adequately limit the number of login attempts an attacker can make. This flaw could potentially allow an attacker to make repeated authentication attempts remotely. However, the attack complexity is high and exploitation is difficult.
How can this vulnerability impact me?
The vulnerability could allow an attacker to perform excessive authentication attempts on the Admin Login component remotely. This might lead to unauthorized access if the attacker eventually succeeds in authenticating. However, due to the high complexity and difficulty of exploitation, the immediate risk may be limited but still present.