User Enumeration Vulnerability in PHPJabbers Fundraising Script
CVE-2023-40762

9.8CRITICAL

Key Information:

Vendor: PHPjabbers
Status: Fundraising Script
Vendor: CVE Published:; 28 August 2023

What is CVE-2023-40762?

The PHPJabbers Fundraising Script version 1.0 has a vulnerability that allows for user enumeration through its password recovery feature. When users attempt to recover their passwords, the application provides different responses based on the validity of the username. This subtle difference in messaging enables malicious actors to confirm whether a specific username is associated with a valid account, which could subsequently facilitate brute force attacks targeting valid users. Effective remediation strategies should be implemented to ensure consistent messaging during password recovery processes.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.phpjabbers.com/fundraising-script/

https://medium.com/%40mfortinsec/multiple-vulnerabilities...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 28, 2023
Vulnerability Reserved
Aug 22, 2023

JSON

PHPjabbers

What is CVE-2023-40762?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.