CVE-2019-7550

Published: Feb 12, 2019Modified: Nov 21, 2024

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using the "create user" function. If a register/check/username?username= request corresponds to a username that exists, then an "is already in use" error is produced. NOTE: this product is discontinued.

Affected (1)

Products: Jforum: Jforum

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jforum Jforum	Version 2.1.8

Related CWEs

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (2)

https://www.criticalstart.com/2019/02/information-disclosure-in-jforum-2-1-x-syntax/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.criticalstart.com/2019/02/information-disclosure-in-jforum-2-1-x-syntax/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.