CVE-2019-15132

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-15132
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-15132.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-15132
Downstream
Published
2019-08-17T18:15:10.690Z
Modified
2026-02-12T07:29:25.094164Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
2c1949d4e7fb4248c2a6b95b45094951c3607c8d
Last affected
23fae3e23d1ba4de3c22ecc251b4c5a579a3ddf9
Introduced
845610d1b58fc3b9e4127c8fd277a9d56a9874c2
Last affected
6bc1a14f56c45f0bc221f0fe7ed9584c55eb2a1a

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-15132.json"