Home > Vulnerability Database > CVE-2023-48028

Mend.io Vulnerability Database

CVE-2023-48028

Date: November 16, 2023

kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack.

Language: PHP

Severity Score

9.8

Related Resources (4)

Url: https://nitipoom-jar.github.io/CVE-2023-48028/

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-48028

Url: https://gist.github.com/bugplorer/9ae8ad7a9f2a3053ebd07a1b7b54deae

Url: https://www.mend.io/vulnerability-database/CVE-2023-48028

Severity Score

9.8

Weakness Type (CWE)

Improper Restriction of Excessive Authentication Attempts

CWE-307

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-48028

Date: November 16, 2023

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?