Published: 24/08/2018 Updated: 24/08/2020

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

An issue exists in EasyLogin Pro up to and including 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hazzardweb easylogin pro

#!/usr/bin/php <?php /* Easylogin Pro Encryptorphp Unserialize Remote Code Execution Vulnerability Version: 130 Platform: Ubuntu Server 18041 Bug found by: @f99942 Tekniq/exploit by: @steventseeley (mr_me) CVE: CVE-2018-15576 Notes: ====== - This is not really a security issue I guess, because you need to know the key But a simple d ...

Easylogin Pro version 130 suffers from an a deserialization issue in Encryptorphp that permits a code execution vulnerability ...

CWE-502 http://packetstormsecurity.com/files/149018/Easylogin-Pro-1.3.0-Remote-Code-Execution.html https://www.exploit-db.com/exploits/45227/https://nvd.nist.gov https://www.exploit-db.com/exploits/45227/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-15576

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect