exploitDog

CVE-2018-15576

Опубликовано: 24 авг. 2018

Источник: nvd

CVSS3: 8.1

CVSS2: 6.8

EPSS Низкий

Описание

An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key.

Ссылки

http://packetstormsecurity.com/files/149018/Easylogin-Pro-1.3.0-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/45227/
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/149018/Easylogin-Pro-1.3.0-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/45227/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hazzardweb:easylogin_pro:*:*:*:*:*:*:*:*

Версия до 1.3.0 (включая)

EPSS

Процентиль: 92%

0.08152

Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-502

Связанные уязвимости

GHSA-43rr-vh89-fj97

CVSS3: 8.1

github

больше 3 лет назад

An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key.

EPSS

Процентиль: 92%

0.08152

Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-502