CVE-2023-54357

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N                                    

Vulnerability Description

Joomla com_booking component 2.4.9 contains an information disclosure vulnerability that allows unauthenticated attackers to enumerate user accounts by exploiting the getUserData function in the customer controller. Attackers can send GET requests to index.php with option=com_booking, controller=customer, task=getUserData, and an id parameter to retrieve user names, usernames, and email addresses through brute force enumeration.

Vulnerability Details

Published Date

June 19, 2026

Last Modified

June 19, 2026

CWE ID

CWE-203

Source

NVD

Vendor

Artio

Product

Joomla! com_booking component

External References

http://www.artio.net/
http://www.artio.net/downloads/joomla/book-it/book-it-2-free/download
https://www.exploit-db.com/exploits/51595
https://www.vulncheck.com/advisories/joomla-com-booking-information-disclosure-via-account-enumeration

CVE-2023-54357

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment