Shiori Brute Force Authentication Bypass Vulnerability

Vulnerability

A vulnerability exists in Shiori versions through 1.7.4 due to the absence of rate limiting on the login page. This flaw enables attackers to execute brute force attacks, bypassing authentication altogether. The issue has been reported by a user who successfully performed a brute force attack using Burp Suite's Intruder tool.

Impact

Exploitation of this vulnerability allows for unauthorized access to user accounts through successful brute force login attempts.

Reproduction

To reproduce this vulnerability, navigate to the login page of Shiori. Capture the login POST request using Burp Suite, then use the Intruder tool to automate a brute force attack on the password field.

Remediation

Users are advised to update to Shiori version 1.8.0 or later, where this vulnerability has been addressed.
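To illustrate the control whose absence this advisory describes, here is an added example of a per-client-IP login rate limiter written as Go net/http middleware; it is not Shiori's code and not the 1.8.0 fix itself, and the handler names, quota and window are assumed.

```go
package main

import (
	"net"
	"net/http"
	"sync"
	"time"
)

// LoginLimiter caps login attempts per client IP within a fixed window.
// Illustrative design for this advisory, not Shiori's own 1.8.0 fix.
type LoginLimiter struct {
	mu     sync.Mutex
	max    int
	window time.Duration
	count  map[string]int       // attempts seen in the current window, per IP
	expiry map[string]time.Time // when that window ends
}

func NewLoginLimiter(max int, window time.Duration) *LoginLimiter {
	return &LoginLimiter{max: max, window: window, count: map[string]int{}, expiry: map[string]time.Time{}}
}

// Allow counts one attempt for key; it returns false once the window's quota is spent.
func (l *LoginLimiter) Allow(key string) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	now := time.Now()
	if !now.Before(l.expiry[key]) { // first sighting or expired window: start afresh
		l.count[key], l.expiry[key] = 0, now.Add(l.window)
	}
	if l.count[key] >= l.max {
		return false
	}
	l.count[key]++
	return true
}

// Protect answers 429 to over-quota clients before the credential check runs.
// Keying on client IP alone is a minimum; a per-username counter is a sensible addition.
func (l *LoginLimiter) Protect(login http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ip, _, _ := net.SplitHostPort(r.RemoteAddr) // host only; the port changes per connection
		if !l.Allow(ip) {
			http.Error(w, "too many login attempts", http.StatusTooManyRequests)
			return
		}
		login.ServeHTTP(w, r)
	})
}
```

Wire it with `http.Handle("/login", NewLoginLimiter(5, time.Minute).Protect(loginHandler))`; expired entries are never evicted here, so a production version would prune the maps, and a reverse proxy in front of the app would need its client IP forwarded rather than keying on the proxy's address.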

Added: Jan 9, 2026, 9:18 PM
Updated: Jan 9, 2026, 10:25 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 2.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.