Unrated severityNVD Advisory· Published Dec 27, 2014· Updated May 6, 2026

CVE-2013-6043

Description

The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests.

Affected products

Softaculous/Webuzo4 versions
cpe:2.3:a:softaculous:webuzo:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:softaculous:webuzo:*:*:*:*:*:*:*:*range: <=2.1.3
- cpe:2.3:a:softaculous:webuzo:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:softaculous:webuzo:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:softaculous:webuzo:2.1.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.softaculous.com/board/index.phpnvd
web.archive.org/web/20140126212101/http://www.baesystemsdetica.com.au/Research/Advisories/Webuzo-Multiple-Vulnerabilities-%28DS-2013-007%29nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.009
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000