Vulnerability Description
A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username because valid usernames produce a different response time than invalid ones. When a valid username is entered, the response time increases with the length of the supplied password.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Medicine Tracker System Project | Medicine Tracker System | 1.0 |
Related Weaknesses (CWE)
References
- https://github.com/d34dun1c02n/CVE-2023-30458 (Exploit, Third Party Advisory)
- https://www.sourcecodester.com/download-code?nid=16308&title=Medicine+Tracker+Sy (Product)
- https://www.sourcecodester.com/php/16308/medicine-tracker-system-php-oop-and-mys (Product)
FAQ
What is CVE-2023-30458?
CVE-2023-30458 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username due to a different response time from invalid user...
How severe is CVE-2023-30458?
CVE-2023-30458 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-30458?
Check the references section above for vendor advisories and patch information. Affected products include: Medicine Tracker System Project Medicine Tracker System.