Lucene search

CVE-2018-6617

🗓️ 11 May 2018 21:00:29Reported by mitreType

cve🔗 web.nvd.nist.gov👁 25 Views🌐 WEB

Easy Hosting Control Panel v0.37.12.b allows changing arbitrary database user passwords

Reporter	Title	Published	Views	Family All 4
NVD	CVE-2018-6617	11 May 201821:29	–	nvd
Cvelist	CVE-2018-6617	11 May 201821:00	–	cvelist
Packet Storm	Easy Hosting Control Panel 0.37.12.b Unverified Password Change	9 May 201800:00	–	packetstorm
Prion	Design/Logic Flaw	11 May 201821:29	–	prion

Nvd

Node

ehcp easy_hosting_control_panelMatch0.37.12.b

Source	Link
hyp3rlinx	www.hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-UNVERIFIED-PASSWORD-CHANGE.txt
packetstormsecurity	www.packetstormsecurity.com/files/147558/Easy-Hosting-Control-Panel-0.37.12.b-Unverified-Password-Change.html

Parameter	Position	Path	Description	CWE
op	query param	/ehcp/index.php	EHCP allows password changes for any database user without requiring the current password.	CWE-287
id	query param	/ehcp/index.php	EHCP allows password changes for any database user without requiring the current password.	CWE-287

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

11 May 2018 21:29Current

7.4High risk

Vulners AI Score7.4

CVSS22.1

CVSS37.8

EPSS0.00058

CWE-287