Member Login Script 3.3 Client-Side Request Desynchronization Vulnerability

Advisories

Member Login Script 3.3 Client-Side Request Desynchronization Vulnerability

severity: high
date: 12/15/2025
Affecting: Member Login Script 3.3
CVE: CVE-2023-53878
CWE: CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSS: 7.3
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
References: ExploitDB-51710
Product Webpage
Credit: nu11secur1ty
Description: Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows attackers to manipulate HTTP request handling by exploiting Content-Length header parsing. Attackers can send crafted POST requests with smuggled secondary requests to potentially bypass server-side request processing controls.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo