3 matches found
CVE-2019-19806
accountforgotpassword.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 displays a message indicating whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses...
CVE-2019-19806
creationtimestamp| type| source ---|---|--- 2024-03-18 15:16:43+00:00| seen| https://t.me/ctinow/210622...
CVE-2019-19806
The CVE-2019-19806 issue affects MFScripts YetiShare versions 3.5.2 through 4.5.3, where _account_forgot_password.ajax.php reveals whether an email address is configured for a given account name. This enables attacker-driven account enumeration via guessing email addresses. The connected document...