{"api_version":"1","generated_at":"2026-04-23T15:28:04+00:00","cve":"CVE-2017-6513","urls":{"html":"https://cve.report/CVE-2017-6513","api":"https://cve.report/api/cve/CVE-2017-6513.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-6513","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-6513"},"summary":{"title":"CVE-2017-6513","description":"The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2017-03-11 06:59:00","updated_at":"2017-04-13 01:59:00"},"problem_types":["CWE-275"],"metrics":[],"references":[{"url":"https://gist.github.com/sedrubal/a83fa22f1091025a5c1a14aabd711ad7","name":"https://gist.github.com/sedrubal/a83fa22f1091025a5c1a14aabd711ad7","refsource":"MISC","tags":[],"title":"WHMCS Reseller Module V2 for Softaculous Virtualizor Privilege Escalation · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.virtualizor.com/blog/?p=1551","name":"http://www.virtualizor.com/blog/?p=1551","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"Updated WHMCS Modules – Virtualizor Blog","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-6513","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6513","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"6513","vulnerable":"-1","versionEndIncluding":"2.9.0.6","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"softaculous","cpe5":"virtualizor","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"6513","vulnerable":"0","versionEndIncluding":"2.9.0.6","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"softaculous","cpe5":"virtualizor","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"6513","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"softaculous","cpe5":"whmcs_reseller_module","cpe6":"2.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"6513","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"softaculous","cpe5":"whmcs_reseller_module","cpe6":"2.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2017-6513","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://gist.github.com/sedrubal/a83fa22f1091025a5c1a14aabd711ad7","refsource":"MISC","url":"https://gist.github.com/sedrubal/a83fa22f1091025a5c1a14aabd711ad7"},{"name":"http://www.virtualizor.com/blog/?p=1551","refsource":"CONFIRM","url":"http://www.virtualizor.com/blog/?p=1551"}]}},"nvd":{"publishedDate":"2017-03-11 06:59:00","lastModifiedDate":"2017-04-13 01:59:00","problem_types":["CWE-275"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.9,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.1,"impactScore":6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.5},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:softaculous:whmcs_reseller_module:2.0.2:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:a:softaculous:virtualizor:*:*:*:*:*:*:*:*","versionEndIncluding":"2.9.0.6","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"6513","Ordinal":"103199","Title":"CVE-2017-6513","CVE":"CVE-2017-6513","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"6513","Ordinal":"1","NoteData":"The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"6513","Ordinal":"2","NoteData":"2017-03-11","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"6513","Ordinal":"3","NoteData":"2017-04-11","Type":"Other","Title":"Modified"}]}}}