clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allows remote attackers to obtain plaintext username and password credentials by using the clogin_e and base64_encode functions to encode the desired user ID in the c parameter, then reading the plaintext values in the resulting form.
Vulnerable Product |
---|
whm autopilot whm autopilot 2.4.5 |