CVE-2019-7550

In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using the "create user" function. If a register/check/username?username= request corresponds to a username that exists, then an "is already in use" error is produced. NOTE: this product is discontinued.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:jforum:jforum:2.1.8:*:*:*:*:*:*:*

Information

Published : 2019-02-12 12:29

Updated : 2020-08-24 10:37


NVD link : CVE-2019-7550

Mitre link : CVE-2019-7550


JSON object : View

CWE
CWE-209

Generation of Error Message Containing Sensitive Information

Advertisement

dedicated server usa

Products Affected

jforum

  • jforum