PT-2023-25444 · Phpjabbers · Phpjabbers Class Scheduling System
Published: 2023-08-03 · Updated: 2023-08-08
CVE-2023-36134
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PHP Jabbers Class Scheduling System version 1.0
Description
The issue concerns a lack of verification when changing an email address and/or password on the Profile Page, allowing remote attackers to take over accounts.
Recommendations
For PHP Jabbers Class Scheduling System version 1.0, consider implementing proper verification mechanisms for email address and password changes on the Profile Page to prevent unauthorized account takeovers. As a temporary workaround, restrict access to the Profile Page until a proper fix is implemented.
Weakness Enumeration
Insufficient Verification of Data Authenticity
Related Identifiers
Affected Products
Phpjabbers Class Scheduling System