This is a public record and/or proof of concept for CVE-2024-51051, a vulnerability affecting AVSCMS version 8.2.0, which includes:
There is not much to say about the vulnerability: by default, AVSCMS has the admin:admin credential. The application also has no password strength policy for its users, nor an interface for setting up password strength under its site-admin panel.
This vulnerability makes it easier for an attacker to guess a user's or admin's password (via either a brute-force or a dictionary attack).
Weak default admin credential.
Here I logged in as a normal user with a weak password.
Lack of password strength management
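A server-side check of the kind the application lacks, written here as an added example and not taken from AVSCMS: it rejects the default admin:admin pair, passwords that contain the username or site name, and blocklisted passwords even when written with character substitutions. The function name, the 12-character minimum, the blocklist and the reason codes are all assumptions chosen for illustration.

```python
import unicodedata

MIN_LENGTH = 12  # assumed threshold, not a value taken from AVSCMS
# Constructed sample blocklist; a real deployment would load a large
# list of common and breached passwords.
COMMON_PASSWORDS = {"admin", "password", "123456", "qwerty", "letmein"}
SITE_WORDS = ("avscms",)  # context words that make a password guessable

# Fold common character substitutions so "P@ssw0rd" compares as "password".
_LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s"})


def _fold(text):
    """Normalise Unicode form, case and common substitutions."""
    return unicodedata.normalize("NFKC", text).casefold().translate(_LEET)


_BLOCKLIST = {_fold(p) for p in COMMON_PASSWORDS}


def password_problems(username, password):
    """Return the policy violations for a candidate password (empty = accept)."""
    folded, user = _fold(password), _fold(username)
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if folded in _BLOCKLIST:
        problems.append("common_password")
    if user and user in folded:
        problems.append("contains_username")
    if any(word in folded for word in SITE_WORDS):
        problems.append("contains_site_name")
    if len(set(folded)) < 5:
        problems.append("low_variety")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, including the default pair named above.
    for name, pw in [("admin", "admin"), ("alice", "P@ssw0rd"),
                     ("alice", "correct-horse-battery-staple")]:
        print(name, pw, password_problems(name, pw) or "accepted")
```

Running the same check against any account still using a shipped default at first login, and forcing a change when it returns violations, covers the default-credential half of the issue.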