CVE-2006-0684

Virtual Hosting Control System <2.4.7.1 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0684. PoCs published by Roman Medina-Heigl Hernandez.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass and HTML injection vulnerability in Virtual Hosting Control System (VHCS). It uses a crafted form submission to change the password without proper authentication.

Description

change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorized access.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Roman Medina-Heigl Hernandez · htmlwebappsphp

https://www.exploit-db.com/exploits/27204

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass and HTML injection vulnerability in Virtual Hosting Control System (VHCS). It uses a crafted form submission to change the password without proper authentication.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Virtual Hosting Control System (VHCS)

No auth needed

Prerequisites: Access to the VHCS login interface

MITRE ATT&CK