User Enumeration Vulnerability in PHPJabbers Class Scheduling System
CVE-2023-36135

7.5HIGH

Key Information:

Vendor: PHPjabbers
Status: Class Scheduling System
Vendor: CVE Published:; 4 August 2023

What is CVE-2023-36135?

The PHPJabbers Class Scheduling System v1.0 contains a vulnerability that allows for user enumeration through its password recovery feature. Attackers can exploit this issue by analyzing the different responses returned when attempting to recover passwords. If the system indicates whether a username exists or not based on its messaging, it may lead to the identification of valid users. This exploit enables the possibility for subsequent brute force attacks against valid accounts, posing a significant risk if not addressed.

References

https://www.phpjabbers.com/class-scheduling-system

https://medium.com/%40bcksec/multiple-vulnerabilities-in-...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 4, 2023
Vulnerability Reserved
Jun 21, 2023

PHPjabbers

What is CVE-2023-36135?

References

CVSS V3.1

Timeline