Vulnerability Details : CVE-2018-15576
An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key.
Vulnerability category: Execute code
Products affected by CVE-2018-15576
- cpe:2.3:a:hazzardweb:easylogin_pro:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-15576
10.68%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-15576
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.1
|
HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
NIST |
CWE ids for CVE-2018-15576
-
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-15576
-
http://packetstormsecurity.com/files/149018/Easylogin-Pro-1.3.0-Remote-Code-Execution.html
Easylogin Pro 1.3.0 Remote Code Execution ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/45227/
Easylogin Pro 1.3.0 - 'Encryptor.php' Unserialize Remote Code ExecutionExploit;Third Party Advisory;VDB Entry
Jump to