Описание
_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 displays a message indicating whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses.
Уязвимые конфигурации
Конфигурация 1Версия от 3.5.2 (включая) до 4.5.3 (включая)
cpe:2.3:a:mfscripts:yetishare:*:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00358
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-209
Связанные уязвимости
github
больше 3 лет назад
_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 displays a message indicating whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses.
EPSS
Процентиль: 58%
0.00358
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-209