Description
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Aitezaz Mohsin · python, webapps, windows
https://www.exploit-db.com/exploits/42153
Scores
CVSS v3: 7.5
EPSS: 0.0031
EPSS Percentile: 53.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-522
Status: published
Products (1)
echatserver/easy_chat_server, versions 2.0 - 3.1
Published: Jun 12, 2017
Tracked Since: Feb 18, 2026