CVE-2017-6513
Summary
| CVE | CVE-2017-6513 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-03-11 06:59:00 UTC |
| Updated | 2017-04-13 01:59:00 UTC |
| Description | The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL. |
Risk And Classification
Problem Types: CWE-275
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Softaculous | Virtualizor | All | All | All | All |
| Application | Softaculous | Virtualizor | All | All | All | All |
| Application | Softaculous | Whmcs Reseller Module | 2.0.2 | All | All | All |
| Application | Softaculous | Whmcs Reseller Module | 2.0.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| WHMCS Reseller Module V2 for Softaculous Virtualizor Privilege Escalation · GitHub | MISC | gist.github.com | |
| Updated WHMCS Modules – Virtualizor Blog | CONFIRM | www.virtualizor.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.