How severe is CVE-2024-9907?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2024-9907?

This is classified as CWE-640, which is a common weakness in software security.

CVE-2024-9907

MEDIUM Year: 2024

CVSS v3 Score

3.7

Low

CVSS v2 Score

2.6

Low

Weakness Type

CWE-640

View all →

Vulnerability Description

A vulnerability classified as problematic was found in QileCMS up to 1.1.3. This vulnerability affects the function sendEmail of the file /qilecms/user/controller/Forget.php of the component Verification Code Handler. The manipulation leads to weak password recovery. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2015-3189

LOW

CVSS:3.7(Low)

With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired af...

CWE-6402015

CVE-2021-39899

MEDIUM

CVSS:4.2(Medium)

In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function. There is a rate limit in place, but the atta...

CWE-6402021

CVE-2022-23172

MEDIUM

CVSS:4.3(Medium)

An attacker can access to "Forgot my password" button, as soon as he puts users is valid in the system, the system would issue a message that a password reset email had been sent to user. This way you...

CWE-6402022

CVE-2022-42807

MEDIUM

CVSS:4.3(Medium)

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A user may accidentally add a participant to a Shared Album by pressing the Delete key

CWE-6402022

CVE-2023-5959

MEDIUM

CVSS:4.3(Medium)

A vulnerability, which was classified as problematic, was found in Byzoro Smart S85F Management Platform V31R02B10-01. Affected is an unknown function of the file /login.php. The manipulation of the a...

CWE-6402023

CVE-2025-2093

LOW

CVSS:3.1(Low)

A vulnerability was found in PHPGurukul Online Library Management System 3.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /change-passwo...

CWE-6402025

CVE-2024-9907

Vulnerability Description

Related Vulnerabilities

CVE-2015-3189

CVE-2021-39899

CVE-2022-23172

CVE-2022-42807

CVE-2023-5959

CVE-2025-2093