CVE-2023-36136

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

HPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text.

References

Link	Resource
https://medium.com/%40blakehodder/additional-vulnerabilities-in-php-jabbers-scripts-c6bbd89b24bb
https://www.phpjabbers.com/class-scheduling-system	Product
https://medium.com/%40blakehodder/additional-vulnerabilities-in-php-jabbers-scripts-c6bbd89b24bb
https://www.phpjabbers.com/class-scheduling-system	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:phpjabbers:class_scheduling_system:1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 08:09

Type	Values Removed	Values Added
References	~~() https://medium.com/%40blakehodder/additional-vulnerabilities-in-php-jabbers-scripts-c6bbd89b24bb -~~	() https://medium.com/%40blakehodder/additional-vulnerabilities-in-php-jabbers-scripts-c6bbd89b24bb -
References	~~() https://www.phpjabbers.com/class-scheduling-system - Product~~	() https://www.phpjabbers.com/class-scheduling-system - Product

Information

Published : 2023-08-08 15:15

Updated : 2024-11-21 08:09

NVD link : CVE-2023-36136

Mitre link : CVE-2023-36136

CVE.ORG link : CVE-2023-36136

JSON object : View

Products Affected

phpjabbers

class_scheduling_system

CWE

CWE-312

Cleartext Storage of Sensitive Information

6.5 /10