Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-41382. PoCs published by Basavaraj Banakar.
AI-analyzed exploit summary This exploit describes an authentication bypass vulnerability in Plastic SCM WebAdmin by leveraging an exposed registration endpoint to reset the administrator password. No code is provided, only step-by-step instructions.
Description
Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface.
Exploits (1)
exploitdb
WRITEUP
by Basavaraj Banakar · textwebappsmultiple
https://www.exploit-db.com/exploits/50426
This exploit describes an authentication bypass vulnerability in Plastic SCM WebAdmin by leveraging an exposed registration endpoint to reset the administrator password. No code is provided, only step-by-step instructions.
Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:
Plastic SCM < 10.0.16.5622
No auth needed
Prerequisites:
Access to the target's WebAdmin interface
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (3)
Core 3
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.plasticscm.com/download/releasenotes/10.0.16.5622
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/164531/Plastic-SCM-10.0.16.5622-Insecure-Direct-Object-Reference.html
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/164531/Plastic-SCM-10.0.16.5622-Improper-Access-Control.html
Scores
CVSS v3
7.5
EPSS
0.0894
EPSS Percentile
94.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
Status
published
Products (1)
plasticscm/plastic_scm
< 10.0.16.5622
Published
Sep 22, 2021
Tracked Since
Feb 18, 2026