CVE-2023-36127
First published: Tue Oct 10 2023(Updated: )
User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHPJabbers Appointment Scheduler | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue in PHPJabbers Appointment Scheduler 3.0?
The vulnerability ID for this issue in PHPJabbers Appointment Scheduler 3.0 is CVE-2023-36127.
What is the severity of CVE-2023-36127?
The severity of CVE-2023-36127 is high, with a severity value of 7.5.
What is the affected software in CVE-2023-36127?
The affected software in CVE-2023-36127 is PHPJabbers Appointment Scheduler 3.0.
What is the CWE ID for this vulnerability in PHPJabbers Appointment Scheduler 3.0?
The CWE ID for this vulnerability in PHPJabbers Appointment Scheduler 3.0 is CWE-203.
Is there a fix for CVE-2023-36127?
Currently, there is no information about a fix for CVE-2023-36127. It is recommended to follow the vendor's website or contact their support for updates on a fix.
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/weakness
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/phpjabbers
- canonical/phpjabbers appointment scheduler
- version/phpjabbers appointment scheduler/3.0