MEDIUM🇵🇱 Wersja polska

CVE-2013-6043

CVSS 5.0v2.0pub. 2014-12-27upd. 2026-05-06

The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests.

CVSS Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
  • Softaculous Webuzo

    APP
    Softaculous
    2.1.02.1.12.1.2≤ 2.1.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-24621CRITICAL9.8PL ✓ten sam produkt

Softaculous Webuzo — pominięcie uwierzytelnienia przez reset hasła

CVE-2024-24622HIGH8.8ten sam produkt

Softaculous Webuzo contains a command injection in the password reset functionality. A remote, authenticated a...

CVE-2024-24623HIGH8.8ten sam produkt

Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, a...

CVE-2013-6041HIGH7.5ten sam produkt

index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell m...

CVE-2013-6042MEDIUM4.3ten sam produkt

Cross-site scripting (XSS) vulnerability in filemanager/login.php in the File Manager module in Softaculous We...