CVE-2023-36136

2023-08-0800:00:00

mitre

www.cve.org

cve-2023-36136

phpjabbers

password encryption

user account

6.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text.

References

medium.com/%40blakehodder/additional-vulnerabilities-in-php-jabbers-scripts-c6bbd89b24bb

www.phpjabbers.com/class-scheduling-system