CVE-2019-19805

Posted on 2019년 12월 31일2019년 12월 31일 by admin

CVE-2019-19805

_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 takes a different amount of time to return depending on whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses.

Source: CVE-2019-19805

답글 남기기 응답 취소