Atjiu pybbs Information Exposure Vulnerability in Email Verification Endpoint

Vulnerability

An information exposure vulnerability has been identified in Atjiu pybbs versions through 6.0.0. The issue lies in the 'sendEmailCode' function of 'SettingsApiController.java': the response message discloses whether the submitted email address is registered, which allows email enumeration. The flaw can be exploited remotely, and the absence of security measures such as rate limiting and CSRF protection on the endpoint exacerbates the issue.

Impact

Exploitation of this vulnerability leads to unauthorized disclosure of registered users' email addresses.

Reproduction

To reproduce this vulnerability, send a request to the '/api/settings/sendEmailCode' endpoint with an email address as the parameter. The response message differs depending on whether the email is registered, thereby leaking information about registered users.
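The following is an added example, not pybbs code, that models the leaky endpoint behaviour beside a hardened version: the fix returns the same response whether or not the address is registered, checks a CSRF token, and rate-limits callers. The user table, function and class names are assumptions for illustration.

```python
# Added example (not pybbs code): an email-code endpoint that leaks
# registration status, and a hardened variant that does not.
import hmac
import time
from collections import defaultdict

# Constructed sample user table standing in for the application's database.
REGISTERED = {"alice@example.com", "bob@example.com"}


def send_email_code_vulnerable(email: str) -> dict:
    """Leaky behaviour: the message differs by registration status."""
    if email in REGISTERED:
        return {"code": 200, "description": "verification code sent"}
    return {"code": 201, "description": "email not registered"}


class EmailCodeService:
    """Hardened behaviour: uniform response, CSRF check, rate limiting."""

    def __init__(self, limit: int = 3, window_s: int = 600):
        self.limit, self.window_s = limit, window_s
        self._hits = defaultdict(list)  # client key -> request timestamps
        self.sent = []  # outbound mail queue (stand-in for the SMTP call)

    def _allowed(self, client: str, now: float) -> bool:
        # Sliding window: keep only timestamps still inside the window.
        hits = [t for t in self._hits[client] if now - t < self.window_s]
        self._hits[client] = hits
        if len(hits) >= self.limit:
            return False
        hits.append(now)
        return True

    def send_email_code(self, email: str, client: str, csrf_token: str,
                        session_token: str, now=None) -> dict:
        now = time.time() if now is None else now
        # Reject cross-site requests before doing any work.
        if not hmac.compare_digest(csrf_token, session_token):
            return {"code": 403, "description": "invalid csrf token"}
        if not self._allowed(client, now):
            return {"code": 429, "description": "too many requests"}
        # Only registered addresses get mail, but the reply is identical
        # either way, so the response carries no registration signal.
        if email in REGISTERED:
            self.sent.append(email)
        return {"code": 200,
                "description": "if the address is registered, a code was sent"}
```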

Remediation

Users are advised to update to the latest version of Atjiu pybbs, where this vulnerability has been patched.

Added: Aug 5, 2025, 7:22 AM
Updated: Aug 5, 2025, 7:22 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.