CVE-2004-2524

Опубликовано: 31 дек. 2004

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allows remote attackers to obtain plaintext username and password credentials by using the clogin_e and base64_encode functions to encode the desired user ID in the c parameter, then read the plaintext values in the resulting form.

Ссылки

http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1310.html
Vendor Advisory
http://secunia.com/advisories/12200
Patch
Vendor Advisory
http://securitytracker.com/id?1010833
Exploit
Vendor Advisory
http://www.osvdb.org/8279
http://www.securityfocus.com/bid/10846
https://exchange.xforce.ibmcloud.com/vulnerabilities/16849
http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1310.html
Vendor Advisory
http://secunia.com/advisories/12200
Patch
Vendor Advisory
http://securitytracker.com/id?1010833
Exploit
Vendor Advisory
http://www.osvdb.org/8279
http://www.securityfocus.com/bid/10846
https://exchange.xforce.ibmcloud.com/vulnerabilities/16849

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:whm_autopilot:whm_autopilot:2.4.5:*:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.00945

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-3gmr-q2mv-97r5

github

больше 3 лет назад