Windu CMS User Enumeration Vulnerability

Vulnerability

A user enumeration vulnerability has been identified in Windu CMS version 4.1. During the login process, discrepancies in the response messages can reveal whether a login (username) is valid, potentially allowing an attacker to focus a brute force attack on accounts known to exist. The vendor was notified of this vulnerability but did not provide details on the affected version range. Only version 4.1 has been tested and confirmed vulnerable.

Impact

Exploitation of this vulnerability allows for user enumeration, enabling attackers to determine valid usernames and potentially use them in conjunction with password guessing attacks.
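
As an added illustration (not Windu CMS code and not taken from the vendor or this advisory), the sketch below contrasts a login check whose response message depends on whether the username exists with one that returns a single generic failure, plus a regression check a defender can run against their own handler. The account store, messages and function names are assumptions.

```python
import hashlib
import hmac

def _kdf(password: str, salt: bytes) -> bytes:
    # PBKDF2 stands in for whatever password hash the application uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account store (hypothetical; not Windu CMS data).
USERS = {"alice": (b"salt-for-alice", _kdf("correct horse", b"salt-for-alice"))}

# Dummy record checked when the username is unknown, so both failure
# paths perform the same hashing work.
_DUMMY = (b"salt-for-dummy", _kdf("unused placeholder", b"salt-for-dummy"))

GENERIC_FAILURE = (401, "Invalid username or password.")

def login_leaky(username: str, password: str):
    """Pattern the advisory describes: the message depends on the failure cause."""
    if username not in USERS:
        return (401, "Unknown user.")            # hypothetical message
    salt, stored = USERS[username]
    if not hmac.compare_digest(stored, _kdf(password, salt)):
        return (401, "Wrong password.")          # hypothetical message
    return (200, "Welcome.")

def login_uniform(username: str, password: str):
    """Hardened form: one response for every failed attempt."""
    salt, stored = USERS.get(username, _DUMMY)
    matches = hmac.compare_digest(stored, _kdf(password, salt))
    if matches and username in USERS:
        return (200, "Welcome.")
    return GENERIC_FAILURE

def leaks_user_existence(login) -> bool:
    """Regression check: an unknown user and a known user with a wrong
    password must receive identical responses."""
    return login("no-such-user", "wrong") != login("alice", "wrong")

if __name__ == "__main__":
    print("leaky handler leaks:  ", leaks_user_existence(login_leaky))
    print("uniform handler leaks:", leaks_user_existence(login_uniform))
```

The same parity requirement applies to status codes, redirects and response timing, not only to the message text.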

Added: Nov 18, 2025, 3:21 PM
Updated: Nov 18, 2025, 3:21 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 0.6
exploitability: 7.6
remediation: 0.0
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.