| Title | PHPGurukul Online Library Management System 3.0 Unverified Password Change |
|---|---|
| Description | During the security review of "Online Library Management System", I discovered a password reset vulnerability in the "/change-password.php" file. In the system, the password reset function only relies on email and phone number verification, without introducing secondary verification mechanisms (such as verification codes and tokens), allowing attackers to directly reset passwords by collecting basic user information. |
| Source | https://github.com/SECWG/cve/issues/4 |
| User | WenGui (UID 82184) |
| Submission | 06.03.2025 06:12 (1 year ago) |
| Moderation | 07.03.2025 16:35 (1 day later) |
| Status | Accepted |
| VulDB entry | 298951 [PHPGurukul Online Library Management System 3.0 /change-password.php email/phone number privilege escalation] |
| Points | 19 |