CVE-2017-6513

{"id": "CVE-2017-6513", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}]}, "published": "2017-03-11T06:59:00.243", "references": [{"url": "http://www.virtualizor.com/blog/?p=1551", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://gist.github.com/sedrubal/a83fa22f1091025a5c1a14aabd711ad7", "source": "cve@mitre.org"}, {"url": "http://www.virtualizor.com/blog/?p=1551", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gist.github.com/sedrubal/a83fa22f1091025a5c1a14aabd711ad7", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-275"}]}], "descriptions": [{"lang": "en", "value": "The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL."}, {"lang": "es", "value": "El WHMCS Reseller Module V2 2.0.2 en Softaculous Virtualizor en versiones anteriores a 2.9.1.0 no verifica correctamente al usuario, lo que permite a usuarios remotos autenticados controlar otras m\u00e1quinas virtuales gestionadas a trav\u00e9s de Virtualizor accediendo a una URL modificada."}], "lastModified": "2024-11-21T03:29:56.007", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:softaculous:whmcs_reseller_module:2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A3668E7-57FF-42AC-92FE-1241754A724F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:softaculous:virtualizor:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1D384A26-87A2-43B1-AC3D-36E386C385EC", "versionEndIncluding": "2.9.0.6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}