Описание
admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier.
Ссылки
Уязвимые конфигурации
Конфигурация 1Версия до 6.1_hotfix_3.3 (включая)
Одно из
cpe:2.3:a:hosting_controller:hosting_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:hosting_controller:hosting_controller:2002_rc_1:*:*:*:*:*:*:*
EPSS
Процентиль: 78%
0.01141
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier.
EPSS
Процентиль: 78%
0.01141
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other