CVE-2023-36135 - OpenCVE

User enumeration is found in in PHPJabbers Class Scheduling System v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Phpjabbers	Class Scheduling System

Configuration 1 [-]

cpe:2.3:a:phpjabbers:class_scheduling_system:1.0:*:*:*:*:*:*:*

References

Link	Resource
https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4
https://www.phpjabbers.com/class-scheduling-system	Product

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-08-03T00:00:00

Updated: 2023-08-03T00:00:00

Reserved: 2023-06-21T00:00:00

Link: CVE-2023-36135

JSON object: View

NVD Information

Status : Modified

Published: 2023-08-04T00:15:12.503

Modified: 2023-11-07T04:16:16.273

Link: CVE-2023-36135

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo