CVE-2006-0685

Virtual Hosting Control System <2.4.7.1 - Privilege Escalation

Title source: llm

Description

The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Roman Medina-Heigl Hernandez · htmlwebappsphp

https://www.exploit-db.com/exploits/27205

View Code ZIP pw:eip

References (6)

[Patch, Vendor Advisory] http://secunia.com/advisories/18799

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/424816/100/0/threaded

[Vendor Advisory] http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/16600

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/24666

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/0534

Scores

EPSS 0.0907

EPSS Percentile 92.7%

Details

Status published

Products (1)

virtual_hosting_control_system/virtual_hosting_control_system < 2.4.7.1

Published Feb 15, 2006

Tracked Since Feb 18, 2026