Remote Authentication Bypass in WHMCS Reseller Module of Softaculous Virtualizor
CVE-2017-6513

9.9CRITICAL

Key Information:

Vendor: Softaculous
Status: Whmcs Reseller Module
Vendor: CVE Published:; 11 March 2017

What is CVE-2017-6513?

The WHMCS Reseller Module version 2.0.2 in Softaculous Virtualizor prior to version 2.9.1.0 exhibits a vulnerability that fails to properly verify user access, leading to potential unauthorized control of virtual machines. Attackers with valid credentials can exploit this flaw by altering the URL, gaining access to resources that should be restricted, and potentially compromising the security of the hosted environment.

References

https://gist.github.com/sedrubal/a83fa22f1091025a5c1a14aa...

x_refsource_MISC

http://www.virtualizor.com/blog/?p=1551

x_refsource_CONFIRM

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 11, 2017
Vulnerability Reserved
Mar 7, 2017