The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL.
References
Link | Resource |
---|---|
http://www.virtualizor.com/blog/?p=1551 | Patch Vendor Advisory |
https://gist.github.com/sedrubal/a83fa22f1091025a5c1a14aabd711ad7 | |
http://www.virtualizor.com/blog/?p=1551 | Patch Vendor Advisory |
https://gist.github.com/sedrubal/a83fa22f1091025a5c1a14aabd711ad7 |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 03:29
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.virtualizor.com/blog/?p=1551 - Patch, Vendor Advisory | |
References | () https://gist.github.com/sedrubal/a83fa22f1091025a5c1a14aabd711ad7 - |
Information
Published : 2017-03-11 06:59
Updated : 2024-11-21 03:29
NVD link : CVE-2017-6513
Mitre link : CVE-2017-6513
CVE.ORG link : CVE-2017-6513
JSON object : View
Products Affected
softaculous
- virtualizor
- whmcs_reseller_module
CWE
CWE-275
Permission Issues