Vulnerability Details CVE-2018-6617
Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL server, allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.7%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 2.1
References
- http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-UNVERIFIED-PASSWORD-CHANGE.txt
- http://packetstormsecurity.com/files/147558/Easy-Hosting-Control-Panel-0.37.12.b-Unverified-Password-Change.html
- http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-UNVERIFIED-PASSWORD-CHANGE.txt
- http://packetstormsecurity.com/files/147558/Easy-Hosting-Control-Panel-0.37.12.b-Unverified-Password-Change.html
Products affected by CVE-2018-6617
-
cpe:2.3:a:ehcp:easy_hosting_control_panel:0.37.12.b