Vulnerabilities > CVE-2006-0684 - Input Validation And Access Validation vulnerability in Virtual Hosting Control System

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
virtual-hosting-control-system
exploit available
NVD
Published: 2006-02-15
Updated: 2018-10-19

Summary

change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorized access.

Vulnerable Configurations

Part Description Count
Application
Virtual_Hosting_Control_System
1

Exploit-Db

descriptionVirtual Hosting Control System 2.2/2.4 change_password.php Current Password Weakness. CVE-2006-0684. Webapps exploit for php platform
idEDB-ID:27204
last seen2016-02-03
modified2006-02-13
published2006-02-13
reporterRoman Medina-Heigl Hernandez
sourcehttps://www.exploit-db.com/download/27204/
titleVirtual Hosting Control System 2.2/2.4 change_password.php Current Password Weakness

References