Vulnerabilities > CVE-2023-30458 - Information Exposure Through Discrepancy vulnerability in Medicine Tracker System Project Medicine Tracker System 1.0

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

medicine-tracker-system-project

CWE-203

NVD

Published: 2023-04-24

Updated: 2023-05-02

Summary

A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username due to a different response time from invalid usernames. When one enters a valid username, the response time increases depending on the length of the supplied password.

Vulnerable Configurations

Part	Description	Count
Application	Medicine_Tracker_System_Project Medicine Tracker System Project Medicine Tracker System 1.0	1

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

References

https://www.sourcecodester.com/php/16308/medicine-tracker-system-php-oop-and-mysql-db-source-code-free-download.html
https://github.com/d34dun1c02n/CVE-2023-30458
https://www.sourcecodester.com/download-code?nid=16308&title=Medicine+Tracker+System+in+PHP+%28OOP%29+and+MySQL+DB+Source+Code+Free+Download