CVE-2023-39343

MEDIUM

Sulu - Info Disclosure

Description

Sulu is an open-source PHP content management system based on the Symfony framework. Its Admin login form makes it possible to detect which users (username, email) exist and which do not. Sulu installations that do not use the old Symfony 5.4 security system, and previous versions, are not impacted by this security issue. The vulnerability has been patched in version 2.5.10.

Scores

CVSS v3 4.3
EPSS 0.0035
EPSS Percentile 57.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-204
Status published
Products (2)
sulu/sulu 2.5.0 - 2.5.10
sulu/sulu 2.5.0 - 2.5.10 (Packagist)
Published Aug 04, 2023
Tracked Since Feb 18, 2026