Permission Issues

CVE-2017-6513

High

9.9/10

Summary

The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-275 - Permission Issues

Weaknesses in this category are related to improper assignment or handling of permissions.

References

Advisory Timeline

Published Mar 11, 2017

Permission Issues

CVE-2017-6513

Summary

CWE-275 - Permission Issues

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS