CVE-2023-36136 Information

Description

PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text.

Reference

https://www.phpjabbers.com/class-scheduling-system https://medium.com/@blakehodder/additional-vulnerabilities-in-php-jabbers-scripts-c6bbd89b24bb