An issue exists in EXCELLENT INFOTEK CORPORATION (EIC) E-document System 3.0. A remote attacker can use kw/auth/bbs/asp/get_user_email_info_bbs.asp to obtain the contact information (name and e-mail address) of everyone in the entire organization. This information can allow remote malicious users to perform social engineering or brute force attacks against the system login page.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
eic e-document system 3.0 |