What is GHSA-56j3-w2r5-qgxq?

GHSA-56j3-w2r5-qgxq is a security advisory published by GitHub Security Advisories with Critical severity. userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated...

Which CVE IDs does GHSA-56j3-w2r5-qgxq cover?

GHSA-56j3-w2r5-qgxq covers the following CVE IDs: CVE-2018-25350. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-56j3-w2r5-qgxq?

GHSA-56j3-w2r5-qgxq has a CVSS v3 base score of 9.8, published by GitHub Security Advisories.

GHSA-56j3-w2r5-qgxqCriticalCVSS 9.8

userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated...

Vendor

GitHub Security Advisories

Published

May 26, 2026

Last Modified

May 26, 2026

🔗 CVE IDs covered (1)

CVE-2018-25350 →

📋 Description

userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can submit usernames and analyze response text for the 'taken' string to identify existing accounts in the system.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2018-25350
https://www.exploit-db.com/exploits/44872
https://www.vulncheck.com/advisories/userspice-username-enumeration-via-existingusernamecheck-php
https://github.com/advisories/GHSA-56j3-w2r5-qgxq