13 matches found
CVE-2025-12866
EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting any user's password...
CVE-2025-12867
EIP Plus developed by Hundred Plus has an Arbitrary File Uplaod vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2025-12867
EIP Plus developed by Hundred Plus has an Arbitrary File Uplaod vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2025-12866
EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting any user's password...
EUVD-2025-41751
EIP Plus developed by Hundred Plus has an Arbitrary File Uplaod vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2025-12867
The CVE-2025-12867 entry concerns Hundred Plus EIP Plus. The connected documents substantiate an Arbitrary File Upload vulnerability in EIP Plus that could allow privileged remote attackers to upload and execute a web shell, resulting in arbitrary code execution on the server. Affected product is...
CVE-2025-12867 Hundred Plus|EIP Plus - Arbitrary File Uplaod
EIP Plus developed by Hundred Plus has an Arbitrary File Uplaod vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2025-12866 Hundred Plus|EIP Plus - Weak Password Recovery Mechanism
EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting any user's password...
EUVD-2025-38730
EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting any user's password...
CVE-2025-12866
CVE-2025-12866 affects Hundred Plus EIP Plus (enterprise management software). The root cause is a Weak Password Recovery Mechanism that allows an unauthenticated remote attacker to predict or brute-force the password reset link, enabling password resets for any user. Consequences include potenti...
CVE-2025-12866 Hundred Plus|EIP Plus - Weak Password Recovery Mechanism
EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting any user's password...
Hundred Plus EIP Plus 授权问题漏洞
Hundred Plus EIP Plus is an enterprise management software from Hundred Plus Ares Taiwan, China. Hundred Plus EIP Plus suffers from an authorization issue vulnerability that stems from a weak password recovery mechanism, which could allow an unauthenticated, remote attacker to predictably or...
PT-2025-45593
Name of the Vulnerable Software and Affected Versions Hundred Plus EIP Plus affected versions not specified Description A flaw exists in Hundred Plus EIP Plus that allows remote attackers with elevated privileges to upload and execute web shell backdoors. Successful exploitation could lead to...