CVE-2018-15576

moderate-risk
Published 2018-08-24

An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key.

Do I need to act?

~
8.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
45227
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10 High
NETWORK / HIGH complexity

Affected Products (1)

Affected Vendors

Hazzardweb

References (4)

Exploit http://packetstormsecurity.com/files/149018/Easylogin-Pro-1.3.0-Remote-Code-Exec...
Exploit https://www.exploit-db.com/exploits/45227/
Exploit http://packetstormsecurity.com/files/149018/Easylogin-Pro-1.3.0-Remote-Code-Exec...
Exploit https://www.exploit-db.com/exploits/45227/
46
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 17/34 · Moderate
Exposure 5/34 · Minimal