The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HSoftaculous Virtualizor
APPSoftaculous≤ 2.9.0.6Softaculous Whmcs Reseller Module
APPSoftaculous2.0.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2024-8669CRITICAL9.1PL ✓ten sam vendor
SQL Injection w pluginie WordPress Backuply (do wersji 1.3.4)
CVE-2024-24621CRITICAL9.8PL ✓ten sam vendor
Softaculous Webuzo — pominięcie uwierzytelnienia przez reset hasła
CVE-2024-24622HIGH8.8ten sam vendor
Softaculous Webuzo contains a command injection in the password reset functionality. A remote, authenticated a...
CVE-2024-24623HIGH8.8ten sam vendor
Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, a...
CVE-2024-0842HIGH7.5ten sam vendor
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in a...