CVE-2019-11233

Name: CVE-2019-11233
Creator: NVD / NIST
Published: 2019-06-19T17:15:11.14+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.50%

Last modified Jun 17, 2026

CVE-2019-11233 is a vulnerability of currently unknown severity. EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information without being authenticated, by sending a LOGIN_ID element to the auth/main/asp/check_user_login_info.aspx URI, and then reading the response, as demonstrated by the KW_EMAIL or KW_TEL field.. EPSS estimates a 1.50% chance of exploitation in the next 30 days.

Description

EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information without being authenticated, by sending a LOGIN_ID element to the auth/main/asp/check_user_login_info.aspx URI, and then reading the response, as demonstrated by the KW_EMAIL or KW_TEL field.

Metrics

EPSS Probability

1.50%

71.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-200

Affected Software

Vendor	Product	Versions
Eic	Biyan	>= 1.57, <= 2.8

References

https://gist.github.com/keniver/dd27ba44d0aef4318551e647d927242fExploit, Third Party Advisory
https://gist.github.com/keniver/dd27ba44d0aef4318551e647d927242fExploit, Third Party Advisory

Timeline

Published: Jun 19, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-11233?

How severe is CVE-2019-11233?

Severity scoring for CVE-2019-11233 is pending analysis. The EPSS model estimates a 1.50% probability of exploitation in the next 30 days.

How do I fix CVE-2019-11233?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-11233?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST