User Enumeration Vulnerability in PHPJabbers Fundraising Script
CVE-2023-40762
CVSS score: 9.8 (CRITICAL)
What is CVE-2023-40762?
The PHPJabbers Fundraising Script version 1.0 has a vulnerability that allows user enumeration through its password recovery feature. When a user attempts to recover a password, the application returns different responses depending on whether the submitted username exists. This difference in messaging lets an attacker confirm whether a specific username belongs to a valid account, which can then be used to target brute force attacks at known-valid users. Remediation should ensure that the password recovery process returns the same response regardless of whether the username exists.
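To show the defect and the fix side by side, here is an added illustration in Python (it is not PHPJabbers code and does not reproduce the product's actual handler). The account store, the response messages, the `SENT_MAIL` sink and the handler names are all constructed for this example. The leaky handler varies both its message and its HTTP status code by username; the uniform handler returns one fixed response and only differs internally in whether a reset mail is queued. The last function is a regression check a defender can run against both.

```python
"""Password recovery: enumeration-prone handler next to a constant-response one.

Added example, not code from the affected product. Accounts, messages and the
mail sink below are constructed so the module runs offline.
"""
from typing import Callable, List, Tuple

# Constructed sample account store: username -> e-mail on file (assumption).
ACCOUNTS = {"alice": "alice@example.invalid", "bob": "bob@example.invalid"}

# Sink standing in for the outgoing-mail queue (constructed).
SENT_MAIL: List[Tuple[str, str]] = []

Response = Tuple[int, str]  # (HTTP status code, body text)


def recover_password_leaky(username: str) -> Response:
    """Vulnerable pattern: status code and message reveal whether the username exists."""
    email = ACCOUNTS.get(username)
    if email is None:
        return 404, "Error: no account with that username."
    SENT_MAIL.append((email, "password reset link"))
    return 200, "A password reset link has been sent to your e-mail address."


# One reply for every input, valid or not.
GENERIC_REPLY: Response = (
    200,
    "If an account matches the details you entered, a password reset link "
    "has been sent to the address on file.",
)


def recover_password_uniform(username: str) -> Response:
    """Hardened pattern: identical response for any input.

    The only behavioural difference (queuing a mail) happens server-side and is
    not visible to the requester.
    """
    email = ACCOUNTS.get(username)
    if email is not None:
        SENT_MAIL.append((email, "password reset link"))
    return GENERIC_REPLY


def responses_distinguish_users(
    handler: Callable[[str], Response], known_user: str, unknown_user: str
) -> bool:
    """Regression check: True if the handler's visible response differs between
    a username that exists and one that does not."""
    return handler(known_user) != handler(unknown_user)


if __name__ == "__main__":
    for name, handler in (("leaky", recover_password_leaky),
                          ("uniform", recover_password_uniform)):
        leaks = responses_distinguish_users(handler, "alice", "nobody")
        print(f"{name}: distinguishable responses = {leaks}")
```

The check compares the whole response tuple, not just the text, because a differing status code, redirect target or response length leaks the same information as a differing message. Response time is a further side channel; keeping the work done on both code paths similar, and rate limiting the recovery endpoint, complement the constant message.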