Published: 24/04/2023 Updated: 02/05/2023

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 0

A username enumeration issue exists in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username due to a different response time from invalid usernames. When one enters a valid username, the response time increases depending on the length of the supplied password.

Vulnerable Product	Search on Vulmon	Subscribe to Product
medicine tracker system project medicine tracker system 1.0

CVE-2023-30458 Exploit Title: Medicine Tracker System 10 - Observable Discrepancy: Username enumeration via response timing Date: April, 22 2023 Exploit Author: William David Mathisen (d34dun1c02n) Vendor Homepage: wwwsourcecodestercom/php/16308/medicine-tracker-system-php-oop-and-mysql-db-source-code-free-downloadhtml Software Link: wwwsourcecodestercom/d

CWE-203 https://www.sourcecodester.com/php/16308/medicine-tracker-system-php-oop-and-mysql-db-source-code-free-download.html https://github.com/d34dun1c02n/CVE-2023-30458 https://www.sourcecodester.com/download-code?nid=16308&title=Medicine+Tracker+System+in+PHP+%28OOP%29+and+MySQL+DB+Source+Code+Free+Download https://nvd.nist.gov https://github.com/d34dun1c02n/CVE-2023-30458

CVE-2023-30458

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect