Home

Description

Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows attackers to manipulate HTTP request handling by exploiting Content-Length header parsing. Attackers can send crafted POST requests with smuggled secondary requests to potentially bypass server-side request processing controls.

PUBLISHED Reserved 2025-12-13 | Published 2025-12-15 | Updated 2025-12-15 | Assigner VulnCheck




HIGH: 7.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Product status

3.3
affected

Credits

nu11secur1ty finder

References

www.exploit-db.com/exploits/51710 (ExploitDB-51710) exploit

www.phpjabbers.com/member-login-script/ (Product Webpage) product

www.vulncheck.com/...request-desynchronization-vulnerability (VulnCheck Advisory: Member Login Script 3.3 Client-Side Request Desynchronization Vulnerability) third-party-advisory

cve.org (CVE-2023-53878)

nvd.nist.gov (CVE-2023-53878)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.