CRITICAL🇵🇱 Wersja polska

CVE-2017-6513

CVSS 9.9v3.0pub. 2017-03-11upd. 2026-05-13

The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Softaculous Virtualizor

    APP
    Softaculous
    ≤ 2.9.0.6
  • Softaculous Whmcs Reseller Module

    APP
    Softaculous
    2.0.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-8669CRITICAL9.1PL ✓ten sam vendor

SQL Injection w pluginie WordPress Backuply (do wersji 1.3.4)

CVE-2024-24621CRITICAL9.8PL ✓ten sam vendor

Softaculous Webuzo — pominięcie uwierzytelnienia przez reset hasła

CVE-2024-24622HIGH8.8ten sam vendor

Softaculous Webuzo contains a command injection in the password reset functionality. A remote, authenticated a...

CVE-2024-24623HIGH8.8ten sam vendor

Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, a...

CVE-2024-0842HIGH7.5ten sam vendor

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in a...