CVE-2023-36136

CVE-2023-36136

EPSS 0.2%

PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://medium.com/%40blakehodder/additional-vulnerabilities-in-php-jabbers-scripts-c6bbd89b24bb https://www.phpjabbers.com/class-scheduling-system