A User enumeration vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to obtain email addresses via the "Add a user" feature. The vulnerability occurs due to insufficiently validated user input being processed as a regular expression, which is then matched against email addresses to find duplicate entries.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2024-48572 |
![]() ![]() |
History
Fri, 14 Mar 2025 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
Wed, 30 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Aquila
Aquila cms |
|
Weaknesses | CWE-276 | |
CPEs | cpe:2.3:a:aquila:cms:*:*:*:*:*:*:*:* | |
Vendors & Products |
Aquila
Aquila cms |
|
Metrics |
ssvc
|
Tue, 29 Oct 2024 21:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A User enumeration vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to obtain email addresses via the "Add a user" feature. The vulnerability occurs due to insufficiently validated user input being processed as a regular expression, which is then matched against email addresses to find duplicate entries. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-03-14T16:59:22.921Z
Reserved: 2024-10-08T00:00:00.000Z
Link: CVE-2024-48572

Updated: 2024-10-30T14:31:25.417Z

Status : Awaiting Analysis
Published: 2024-10-29T22:15:03.913
Modified: 2025-03-14T17:15:47.973
Link: CVE-2024-48572

No data.