Vulnerability Database

309,364

Total vulnerabilities in the database

CVE-2023-39343

Sulu is an open-source PHP content management system based on the Symfony framework. It allows over the Admin Login form to detect which user (username, email) exists and which one do not exist. Sulu Installation not using the old Symfony 5.4 security System and previous version are not impacted by this Security issue. The vulnerability has been patched in version 2.5.10.

Published: Aug 4, 2023
Updated: Nov 16, 2025
CVE: CVE-2023-39343
GHSA: GHSA-wmwf-49vv-p3mr
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-204

Affected Software
References

Software	From	Fixed in
sulu / sulu	2.5.0	2.5.10

https://github.com/FriendsOfPHP/security-advisories/blob/master/sulu/sulu/CVE-2023-39343.yaml
https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b
https://github.com/sulu/sulu/releases/tag/2.5.10
https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo