| Título | laravel-started 11.8.0 email enumeration |
|---|
| Descripción | A vulnerability has been identified in Product laravel-starter v11.8.0 that allows an attacker to enumerate valid email addresses through the server's responses to email verification commands in the forget password functionality. This issue arises because the server provides distinguishable responses for valid and invalid email addresses, enabling attackers to determine the existence of specific email addresses on the system.
product github:https://github.com/nasirkhan/laravel-starter |
|---|
| Fuente | ⚠️ https://powerful-bulb-c36.notion.site/idor-c6eb58e8fc40416ba53c7915ca0174c4?pvs=4 |
|---|
| Usuario | louay khammassi (UID 67114) |
|---|
| Sumisión | 2024-06-09 14:08 (hace 2 años) |
|---|
| Moderación | 2024-06-17 14:59 (8 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 268784 [nasirkhan Laravel Starter hasta 11.8.0 Password Reset /forgot-password Email divulgación de información] |
|---|
| Puntos | 17 |
|---|