Description
cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters.
Exploits (1)
References (1)
Core 1
Core References
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/8865
Scores
CVSS v3
9.8
EPSS
0.0110
EPSS Percentile
78.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-287
Status
published
Products (1)
egyplus/7ammel
< 1.0.1
Published
Jun 22, 2009
Tracked Since
Feb 18, 2026