Vulnerability Details CVE-2018-25221
EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets to achieve code execution in the application context.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.1%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2018-25221
-
cpe:2.3:a:echatserver:easy_chat_server:1.0
-
cpe:2.3:a:echatserver:easy_chat_server:1.1
-
cpe:2.3:a:echatserver:easy_chat_server:1.2
-
cpe:2.3:a:echatserver:easy_chat_server:1.3
-
cpe:2.3:a:echatserver:easy_chat_server:1.5
-
cpe:2.3:a:echatserver:easy_chat_server:1.6
-
cpe:2.3:a:echatserver:easy_chat_server:2.0
-
cpe:2.3:a:echatserver:easy_chat_server:2.1
-
cpe:2.3:a:echatserver:easy_chat_server:2.2
-
cpe:2.3:a:echatserver:easy_chat_server:2.5
-
cpe:2.3:a:echatserver:easy_chat_server:3.0
-
cpe:2.3:a:echatserver:easy_chat_server:3.1