{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2018-25350", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-05-23T15:34:00.756Z", "datePublished": "2026-05-23T18:30:51.228Z", "dateUpdated": "2026-05-23T18:30:51.228Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-23T18:30:51.228Z"}, "datePublic": "2018-06-10T00:00:00.000Z", "title": "userSpice 4.3.24 Username Enumeration via existingUsernameCheck.php", "descriptions": [{"lang": "en", "value": "userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can submit usernames and analyze response text for the 'taken' string to identify existing accounts in the system."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Observable Response Discrepancy", "cweId": "CWE-204", "type": "CWE"}]}], "affected": [{"vendor": "UserSpice", "product": "userSpice", "versions": [{"version": "4.3.24", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/44872", "name": "ExploitDB-44872", "tags": ["exploit"]}, {"name": "VulnCheck Advisory: userSpice 4.3.24 Username Enumeration via existingUsernameCheck.php", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/userspice-username-enumeration-via-existingusernamecheck-php"}], "credits": [{"lang": "en", "value": "Dolev Farhi", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}}}

{}

{}

{}

{"created": "2026-05-23T19:30:25.321225+00:00", "updated": "2026-05-23T19:30:25.321243+00:00", "vendors": []}