cbcvebase.
CVE-2023-38871
published 2023-09-28

CVE-2023-38871: The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities…

PriorityP425medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
0.64%
45.9th percentile
The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or email address is valid, or brute force valid usernames and email addresses.

Affected

3 ranges
VendorProductVersion rangeFixed in
economizzereconomizzer
economizzereconomizzer
gugoaneconomizzer0 – 0.9-beta1
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.