CVE-2024-0186
LOWDescription
A vulnerability classified as problematic has been found in HuiRan Host Reseller System up to 2.0.0. Affected is an unknown function of the file /user/index/findpass?do=4 of the component HTTP POST Request Handler. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249444.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| huiran_host_reseller_system_project | huiran_host_reseller_system |
References
Frequently Asked Questions
What is CVE-2024-0186? +
How severe is CVE-2024-0186? +
What products are affected by CVE-2024-0186? +
How do I check if I'm vulnerable to CVE-2024-0186? +
Related Vulnerabilities
This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An …
Natours is a Tour Booking API. The attacker can easily take over any victim account by injecting an attacker-controlled server …
FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when a `ClientPasswordReset` record already …
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, …
The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the …
Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material Dashboard material-dashboard.This issue affects Material Dashboard: from n/a through …