exploitDog

CVE-2009-2168

Опубликовано: 22 июн. 2009

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters.

Ссылки

https://www.exploit-db.com/exploits/8865
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/8865
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:egyplus:7ammel:*:*:*:*:*:*:*:*

Версия до 1.0.1 (включая)

EPSS

Процентиль: 78%

0.01104

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-h2hc-3hmw-fmq5

CVSS3: 9.8

github

почти 4 года назад

cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters.

EPSS

Процентиль: 78%

0.01104

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287