CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-7550

In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using the "create user" function. If a register/check/username?username= request corresponds to a username that exists, then an "is already in use" error is produced. NOTE: this product is discontinued.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 62.4%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

https://www.criticalstart.com/2019/02/information-disclosure-in-jforum-2-1-x-syntax/
https://www.criticalstart.com/2019/02/information-disclosure-in-jforum-2-1-x-syntax/

Products affected by CVE-2019-7550

Jforum » Jforum » Version: 2.1.8

cpe:2.3:a:jforum:jforum:2.1.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-7550

Products

Pricing

Contact Us