2 matches found
CVE-2019-11233
EXCELLENT INFOTEK BiYan v1.57 v2.8 allows an attacker to leak user information without being authenticated, by sending a LOGINID element to the auth/main/asp/checkuserlogininfo.aspx URI, and then reading the response, as demonstrated by the KWEMAIL or KWTEL field...
CVE-2019-11233
CVE-2019-11233 affects EXCELLENT INFOTEK BiYan v1.57–v2.8. A misdesign allows an unauthenticated attacker to leak user information by sending a LOGIN_ID element to the endpoint auth/main/asp/check_user_login_info.aspx and reading the response, with leakage demonstrated via KW_EMAIL or KW_TEL fiel...