User Enumeration Vulnerability in PHPJabbers Food Delivery Script
CVE-2023-40757

9.8CRITICAL

Key Information:

Vendor: PHPjabbers
Status: Food Delivery Script
Vendor: CVE Published:; 28 August 2023

What is CVE-2023-40757?

The PHPJabbers Food Delivery Script v3.1 has a vulnerability that allows for user enumeration during the password recovery process. This issue arises when the system generates differing messages based on whether the username is valid or not, potentially exposing valid usernames. An attacker could exploit this behavior to identify valid user accounts and then launch brute force attacks to gain unauthorized access.

References

https://www.phpjabbers.com/food-delivery-script/

https://medium.com/%40mfortinsec/multiple-vulnerabilities...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 28, 2023
Vulnerability Reserved
Aug 22, 2023

PHPjabbers

What is CVE-2023-40757?

References

CVSS V3.1

Timeline