CVE-2023-53878

Member Login Script 3.3 Client-Side Request Desynchronization Vulnerability

CVSS 6.9 MEDIUMEPSS 0.3%CWE-444

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 6.9EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

15 dic 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows attackers to manipulate HTTP request handling by exploiting Content-Length header parsing. Attackers can send crafted POST requests with smuggled secondary requests to potentially bypass server-side request processing controls.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Productos afectados

Phpjabbers · Member Login Script

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.exploit-db.com/exploits/51710 https://www.phpjabbers.com/member-login-script/https://www.vulncheck.com/advisories/member-login-script-client-side-request-desynchronization-vulnerability