Primary

Context

flaskBlog Access Control Vulnerability Leading to Username Enumeration

Vulnerability

An access control vulnerability in flaskBlog version 2.6.1 allows attackers to retrieve all usernames by sending a crafted input. The issue arises because the application does not properly validate query parameters, enabling the use of wildcard characters to extract username data from the database.

Impact

Exploitation of this vulnerability results in the unauthorized disclosure of all usernames in the application.

Reproduction

To reproduce this vulnerability, send a request to the search endpoint with a query that includes the wildcard characters '%' or '_'. The server will respond with a list of all usernames that match the query, effectively leaking the entire username database.

Remediation

It is recommended to implement proper validation and filtering of query parameters to prevent unauthorized access to username data.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

flaskBlog Access Control Vulnerability Leading to Username Enumeration

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating