CVE-2023-36127
https://notcve.org/view.php?id=CVE-2023-36127
User enumeration is found in PHPJabbers Appointment Scheduler 3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
• https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4
• CWE-203: Observable Discrepancy
CVE-2023-43274
https://notcve.org/view.php?id=CVE-2023-43274
PHPJabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter.
• https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/PHP-Shopping-Cart-4.2
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-36140
https://notcve.org/view.php?id=CVE-2023-36140
In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords, allowing an attacker to gain access to all user accounts.
• https://medium.com/%40blakehodder/additional-vulnerabilities-in-php-jabbers-scripts-c6bbd89b24bb
• https://www.phpjabbers.com/cleaning-business-software
• CWE-862: Missing Authorization
CVE-2023-41537
https://notcve.org/view.php?id=CVE-2023-41537
PHPJabbers Business Directory Script 3.2 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.
• https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Business-Directory-Script-Version%3A3.2
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-41539
https://notcve.org/view.php?id=CVE-2023-41539
PHPJabbers Business Directory Script 3.2 is vulnerable to SQL Injection via the column parameter.
• https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Business-Directory-Script-Version%3A3.2/SQLi
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')