Lucene search

[email protected]CVE-2018-15576

HistoryAug 24, 2018 - 9:29 p.m.

CVE-2018-15576

2018-08-2421:29:00

CWE-502

[email protected]

web.nvd.nist.gov

easylogin pro

cve-2018-15576

remote code execution

unserialize call

encryptor.php

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.064 Low

EPSS

Percentile

93.7%

JSON

An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key.

Affected configurations

NVD

Node

hazzardwebeasylogin_proRange≤1.3.0

CPENameOperatorVersion
hazzardweb:easylogin_prohazzardweb easylogin prole1.3.0

CPE	Name	Operator	Version
hazzardweb:easylogin_pro	hazzardweb easylogin pro	le	1.3.0

References

packetstormsecurity.com/files/149018/Easylogin-Pro-1.3.0-Remote-Code-Execution.html

www.exploit-db.com/exploits/45227/

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.064 Low

EPSS

Percentile

93.7%

JSON

Related for CVE-2018-15576

packetstorm1 zdt1 cvelist1 nvd1 exploitpack1 prion1 exploitdb1