CVE-2023-36136

PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://medium.com/%40blakehodder/additional-vulnerabilities-in-php-jabbers-scripts-c6bbd89b24bb
https://www.phpjabbers.com/class-scheduling-system	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:phpjabbers:class_scheduling_system:1.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-08-08 15:15

Updated : 2023-11-07 04:16

NVD link : CVE-2023-36136

Mitre link : CVE-2023-36136

CVE.ORG link : CVE-2023-36136

JSON object : View

Products Affected

phpjabbers

class_scheduling_system

CWE

CWE-312

Cleartext Storage of Sensitive Information

6.5 /10