Skip to main content

Medicine Tracker System CVE-2023-30458

MEDIUM
Observable Discrepancy (CWE-203)
2023-04-24 cve@mitre.org
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 24, 2023 - 08:15 nvd
MEDIUM 5.3

DescriptionNVD

A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username due to a different response time from invalid usernames. When one enters a valid username, the response time increases depending on the length of the supplied password.

AnalysisAI

A username enumeration issue was discovered in Medicine Tracker System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-203. A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username due to a different response time from invalid usernames. When one enters a valid username, the response time increases depending on the length of the supplied password. Affected products include: Medicine Tracker System Project Medicine Tracker System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-7134 CRITICAL POC
9.8 Dec 28

A vulnerability was found in SourceCodester Medicine Tracking System 1.0. Rated critical severity (CVSS 9.8), this vulne

CVE-2023-7123 CRITICAL POC
9.8 Dec 28

A vulnerability, which was classified as critical, has been found in SourceCodester Medicine Tracking System 1.0.php? f=

CVE-2023-1439 CRITICAL POC
9.8 Mar 17

A vulnerability, which was classified as critical, has been found in SourceCodester Medicine Tracker System 1.0.php of t

CVE-2024-7226 MEDIUM POC
6.9 Jul 30

A vulnerability was found in SourceCodester Medicine Tracker System 1.0. Rated medium severity (CVSS 6.9), this vulnerab

CVE-2024-6418 MEDIUM POC
6.9 Jun 30

A vulnerability classified as critical has been found in SourceCodester Medicine Tracker System 1.0. Rated medium severi

CVE-2023-5581 MEDIUM POC
6.1 Oct 14

A vulnerability classified as problematic was found in SourceCodester Medicine Tracker System 1.0. Rated medium severity

CVE-2023-1464 CRITICAL
9.8 Mar 17

A vulnerability, which was classified as critical, was found in SourceCodester Medicine Tracker System 1.0. Rated critic

CVE-2024-6419 MEDIUM POC
5.3 Jul 01

A vulnerability classified as critical was found in SourceCodester Medicine Tracker System 1.0. Rated medium severity (C

CVE-2023-30112 HIGH
7.5 Apr 26

Medicine Tracker System in PHP 1.0.0 is vulnerable to SQL Injection. Rated high severity (CVSS 7.5), this vulnerability

CVE-2023-30111 MEDIUM
6.1 Apr 26

Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this

CVE-2023-30106 MEDIUM
6.1 Apr 26

Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about. Rated me

CVE-2023-1447 MEDIUM
6.1 Mar 17

A vulnerability, which was classified as problematic, has been found in SourceCodester Medicine Tracker System 1.0. Rate

Share

CVE-2023-30458 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy