CVE-2018-25177 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator passwords without authentication by sub…
Medium CVSS: 6.9

CVE-2018-25177

Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator passwords without authentication by submitting crafted POST requests. Attackers can send requests to dca_resetpw.php with parameters updateuser, pass, pass2, and submit_reset to change the admin account password and gain administrative access.
Vendor
-
Product
-
CWE
CWE-352
Yayın Tarihi
2026-03-06 13:15:59
Güncelleme
2026-03-09 13:35:34
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-352 MEDIUM 2026

Referanslar

https://www.exploit-db.com/exploits/45831 https://www.vulncheck.com/advisories/data-center-audit-cross-site-request-forgery-via-dca-resetpwphp