CVE-2019-19806

Published: Dec 30, 2019Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 displays a message indicating whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses.

Affected (1)

Products: Mfscripts: Yetishare

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mfscripts Yetishare	From 3.5.2 to 4.5.3

Related CWEs

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (2)

https://medium.com/%40jra8908/yetishare-3-5-2-4-5-3-multiple-vulnerabilities-2d01d0cd7459

Source: cve@mitre.org

https://medium.com/%40jra8908/yetishare-3-5-2-4-5-3-multiple-vulnerabilities-2d01d0cd7459

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.