CVE-2023-40764
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Aug 28, 2023
Updated: Nov 7, 2023
CWE ID 209
Summary
CVE-2023-40764 is a user enumeration vulnerability in PHP Jabbers Car Rental Script version 3.0. During password recovery, the application returns different messages for valid and non-existent usernames, allowing an attacker to tell them apart. This difference in messages can be used to focus a brute force attack on valid usernames only, increasing the efficiency of the attack. This vulnerability poses a significant risk to the confidentiality and integrity of user accounts.
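The message difference described above, next to a recovery handler that answers identically for every username. This is an added example, not code from PHP Jabbers Car Rental Script; the function names, the in-memory user list and the message texts are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data standing in for the user table (hypothetical).
const USERS = ['alice' => 'alice@example.test'];

const GENERIC_REPLY = 'If that account exists, a reset link has been sent to its address.';

// Pattern behind the finding (CWE-209): the reply depends on whether the
// username exists, so each request confirms or rules out one account.
function recoverVulnerable(string $username): string
{
    return array_key_exists($username, USERS)
        ? 'A reset link has been sent to your email.'
        : 'No account found with that username.';
}

// Hardened pattern: the caller always gets the same reply. Only a real
// account triggers a mail, and the mail goes to the address on record.
function recoverHardened(string $username, callable $sendMail): string
{
    $key = strtolower(trim($username));
    // The token is generated on both paths so they do comparable work.
    $token = bin2hex(random_bytes(32));
    if (array_key_exists($key, USERS)) {
        $sendMail(USERS[$key], $token);
    }
    return GENERIC_REPLY;
}

// Demo with a constructed outbox in place of a real mailer.
$outbox = [];
$send = function (string $to, string $token) use (&$outbox): void {
    $outbox[] = $to;
};

foreach (['alice', 'nobody'] as $name) {
    printf("%-7s vulnerable: %s\n", $name, recoverVulnerable($name));
    printf("%-7s hardened:   %s\n", $name, recoverHardened($name, $send));
}
printf("Mails actually sent: %d\n", count($outbox));
```

The same uniformity has to hold for the HTTP status code, any redirect target and the response time, otherwise the difference simply moves to another channel.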
Affected Vendors
- PHPJabbers