CVE-2017-9557

HIGH

EFS Software Easy Chat Server <3.1 - Info Disclosure

Title source: llm

Description

register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Aitezaz Mohsin · python · webapps · windows
https://www.exploit-db.com/exploits/42153

Scores

CVSS v3 7.5
EPSS 0.0031
EPSS Percentile 53.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-522
Status draft

Affected Products (1)

echatserver/easy_chat_server < 3.1

Timeline

Published Jun 12, 2017
Tracked Since Feb 18, 2026