CVE-2023-40764

Published: Aug 28, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

Affected (1)

Products: Phpjabbers: Car Rental Script

1 product

Car Rental Script

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phpjabbers Car Rental Script	Version 3.0

Related CWEs

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (4)

https://medium.com/%40mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f

Source: cve@mitre.org

https://www.phpjabbers.com/car-rental-script/

Source: cve@mitre.org

Product

https://medium.com/%40mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.phpjabbers.com/car-rental-script/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.