CVE-2024-0186

LOW

Huiran Host Reseller System < 2.0.0 - Password Reset Weakness

Title source: rule

Description

A vulnerability classified as problematic has been found in HuiRan Host Reseller System up to 2.0.0. Affected is an unknown function of the file /user/index/findpass?do=4 of the component HTTP POST Request Handler. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249444.

References (3)

[Third Party Advisory] https://vuldb.com/?id.249444

[Third Party Advisory] https://vuldb.com/?ctiid.249444

[Broken Link] https://note.zhaoj.in/share/WwPWWizD2Spk

Scores

CVSS v3 3.7

EPSS 0.0007

EPSS Percentile 20.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-640

Status published

Products (1)

huiran_host_reseller_system_project/huiran_host_reseller_system < 2.0.0

Published Jan 02, 2024

Tracked Since Feb 18, 2026