Account Enumeration and Arbitrary Password Reset via Forgot Password Logic Flaw

github.com 2026-05-31查看中文 →

Security AdvisoryMediumOUSL-GROUP-BrinaryBrains

Affected:

School-Student-Management-System

Referenced CVEs: CVE-2026-10169 · 3.7

文章内图片已隐藏以节省流量 · Upgrade to Pro to view images & offline archive

This content was auto-fetched from github.com, cleaned by our LLM pipeline, and translated to English. View original.

More from this source

Hermes Agent Feishu Webhook Pre-Auth Rate-Limit Bypass DoS 2026-06-01 Hermes-Agent .env Parser Semantic Injection via Substring Splitting (RCE/Credential Theft) 2026-06-01 Unauthenticated Arbitrary User Creation (Privilege Escalation) in add_user_check.php - Broken Access Control 2026-06-01 hermes-agent Persistent Prompt Injection Bypass via Regex Evasion 2026-06-01 SQL Injection Auth Bypass in login_check.php (Admin Session Acquisition) 2026-06-01

Offline Archive

Offline screenshot & PDF are Pro-exclusive