A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary user password reset under any user permission level.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NEladmin
APPEladmin≤ 2.7
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2025-22978CRITICAL9.8PL ✓ten sam produkt
CSV Injection w module pobierania logów wyjątków — Eladmin
CVE-2024-44677CRITICAL9.8PL ✓ten sam produkt
SSRF umożliwiające RCE w Eladmin v2.7 — komponent DatabaseController
CVE-2024-51243HIGH7.2ten sam produkt
The eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control all applicat...
CVE-2025-9239MEDIUM6.3ten sam produkt
A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function Enc...
CVE-2025-8530MEDIUM5.5ten sam produkt
A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by ...