| 제목 | laravel-started 11.8.0 email enumeration |
|---|
| 설명 | A vulnerability has been identified in Product laravel-starter v11.8.0 that allows an attacker to enumerate valid email addresses through the server's responses to email verification commands in the forget password functionality. This issue arises because the server provides distinguishable responses for valid and invalid email addresses, enabling attackers to determine the existence of specific email addresses on the system.
product github:https://github.com/nasirkhan/laravel-starter |
|---|
| 원천 | ⚠️ https://powerful-bulb-c36.notion.site/idor-c6eb58e8fc40416ba53c7915ca0174c4?pvs=4 |
|---|
| 사용자 | louay khammassi (UID 67114) |
|---|
| 제출 | 2024. 06. 09. PM 02:08 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 06. 17. PM 02:59 (8 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 268784 [nasirkhan Laravel Starter 까지 11.8.0 Password Reset /forgot-password Email 정보 공개] |
|---|
| 포인트들 | 17 |
|---|