MEDIUM🇬🇧 English

CVE-2013-6043

CVSS 5.0v2.0pub. 2014-12-27upd. 2026-05-06

The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
  • Softaculous Webuzo

    APP
    Softaculous
    2.1.02.1.12.1.2≤ 2.1.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-24621CRITICAL9.8PL ✓ten sam produkt

Softaculous Webuzo — pominięcie uwierzytelnienia przez reset hasła

CVE-2024-24622HIGH8.8ten sam produkt

Softaculous Webuzo contains a command injection in the password reset functionality. A remote, authenticated a...

CVE-2024-24623HIGH8.8ten sam produkt

Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, a...

CVE-2013-6041HIGH7.5ten sam produkt

index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell m...

CVE-2013-6042MEDIUM4.3ten sam produkt

Cross-site scripting (XSS) vulnerability in filemanager/login.php in the File Manager module in Softaculous We...