Main
Vulnerability Database
Exploits
ID:5199 - Exploit for Information disclosure in JForum - CVE-2019-7550
ID:5199 - Exploit for Information disclosure in JForum - CVE-2019-7550
Published: March 7, 2021
Vulnerability identifier: #VU17727
Vulnerability risk: Low
CVE-ID: CVE-2019-7550
CWE-ID: CWE-200
Exploitation vector: Remote access
Vulnerable software:
JForum
JForum
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists in the create user function due to the way the software handles messages based on username validity. A remote attacker can send mass register/check/username?username= requests to access sensitive information, such as valid usernames, to enumerate within the customer environment.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.