User Enumeration Vulnerability in PHPJabbers Event Booking Calendar
CVE-2023-40765

9.8CRITICAL

Key Information:

Vendor: PHPjabbers
Status: Event Booking Calendar
Vendor: CVE Published:; 28 August 2023

What is CVE-2023-40765?

The Event Booking Calendar version 4.0 from PHPJabbers contains a user enumeration vulnerability that arises during the password recovery process. This flaw allows attackers to differentiate between valid and invalid usernames based on the varying responses generated during recovery attempts. The implications of this vulnerability are significant, as it can facilitate targeted brute force attacks against accounts of valid users.

References

https://www.phpjabbers.com/event-booking-calendar/

https://medium.com/%40mfortinsec/multiple-vulnerabilities...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 28, 2023
Vulnerability Reserved
Aug 22, 2023

PHPjabbers

What is CVE-2023-40765?

References

CVSS V3.1

Timeline