CVE-2023-36141

low-risk

Published 2023-08-04

User enumeration is found in in PHPJabbers Cleaning Business Software 1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

Do I need to act?

0.11% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Cleaning Business Software

Affected Vendors

Phpjabbers

References (4)

https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25a...

Product https://www.phpjabbers.com/cleaning-business-software/

https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25a...

Product https://www.phpjabbers.com/cleaning-business-software/

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal