CVE-2019-16394

MEDIUM

SPIP <3.1.11 & <3.2.5 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-16394. PoCs published by trungnd51.

AI-analyzed exploit summary: This repository contains a Python script that checks which email addresses are registered on a SPIP instance affected by CVE-2019-16394, an information disclosure vulnerability in SPIP. The script tests a list of emails against a target SPIP instance to identify valid accounts.

Description

SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers.

Exploits (1)

nomisec SCANNER
by trungnd51 · poc
https://github.com/trungnd51/Silent_CVE_2019_16394

Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: SPIP (version not specified)
No auth needed
Prerequisites: List of email addresses to test · Target SPIP instance URL
devstral-2 · analyzed Feb 18, 2026

References (8)

Core References
Exploit, Issue Tracking, Patch, Vendor Advisory x_refsource_misc
https://core.spip.net/issues/4171
Patch, Vendor Advisory x_refsource_misc
https://zone.spip.net/trac/spip-zone/changeset/117577/spip-zone
Patch, Vendor Advisory x_refsource_misc
https://zone.spip.net/trac/spip-zone/changeset/117578/spip-zone
Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Sep/40
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2019/dsa-4532
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4536-1/

Scores

CVSS v3: 5.3
EPSS: 0.5674
EPSS Percentile: 98.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE: CWE-203
Status: published
Products (5):
canonical/ubuntu_linux 18.04
debian/debian_linux 8.0
debian/debian_linux 9.0
debian/debian_linux 10.0
spip/spip < 3.1.11
Published: Sep 17, 2019
Tracked Since: Feb 18, 2026