A vulnerability classified as critical has been found in EasyLogin Pro up to 1.3.0. Affected is the function decrypt of the file Encryptor.php. The manipulation with an unknown input leads to a code injection vulnerability. The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key.

This vulnerability is traded as CVE-2018-15576 since. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. Technical details and a public exploit are known. The MITRE ATT&CK project declares the attack technique as T1059.

The vulnerability was handled as a non-public zero-day exploit for at least 4 days. During that time the estimated underground price was around $0-$5k.

Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks. The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. A high score indicates an elevated risk to be targeted for this vulnerability.