A vulnerability classified as problematic has been found in HuiRan Host Reseller System up to 2.0.0. Affected is an unknown function of the file /user/index/findpass?do=4 of the component HTTP POST Request Handler. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249444.
References
Link | Resource |
---|---|
https://note.zhaoj.in/share/WwPWWizD2Spk | Broken Link |
https://vuldb.com/?ctiid.249444 | Third Party Advisory |
https://vuldb.com/?id.249444 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Jan 2024, 19:26
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:huiran_host_reseller_system_project:huiran_host_reseller_system:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
References | () https://vuldb.com/?id.249444 - Third Party Advisory | |
References | () https://vuldb.com/?ctiid.249444 - Third Party Advisory | |
References | () https://note.zhaoj.in/share/WwPWWizD2Spk - Broken Link | |
First Time |
Huiran Host Reseller System Project huiran Host Reseller System
Huiran Host Reseller System Project |
02 Jan 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-02 01:15
Updated : 2024-05-17 02:34
NVD link : CVE-2024-0186
Mitre link : CVE-2024-0186
CVE.ORG link : CVE-2024-0186
JSON object : View
Products Affected
huiran_host_reseller_system_project
- huiran_host_reseller_system
CWE
CWE-640
Weak Password Recovery Mechanism for Forgotten Password