CVE-2018-25350

Received Received - Intake

BaseFortify

Publication date: 2026-05-23

Last updated on: 2026-05-23

Assigner: VulnCheck

Description

userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can submit usernames and analyze response text for the 'taken' string to identify existing accounts in the system.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-05-23

Last Modified

2026-05-23

Generated

2026-05-26

EPSS Evaluated

N/A

NVD

CVE-2018-25350

EUVD

EUVD-2018-21874

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-204	The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

Attack-Flow Graph

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2018-25350

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

Ask Our AI Assistant

EPSS Chart