| Title | Surya2Developer Hostel Management Service 1.0 Sensitive Information Disclosure |
|---|
| Description | An unauthenticated attacker can enumerate passwords and usernames/email addresses on the check_availability endpoint by observing discrepancies in HTTP responses between a POST request with valid emailid or oldpassword value. |
|---|
| Source | ⚠️ https://github.com/blackslim3/cve_sidequest/blob/main/poc/Username_and_Password_Enumeration%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md |
|---|
| User | blackslim3 (ID 64963) |
|---|
| Submission | 03/06/2024 08:49 (2 months ago) |
|---|
| Moderation | 03/15/2024 01:18 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 256891 |
|---|