CVE-2024-0186

Name of the Vulnerable Software and Affected Versions HuiRan Host Reseller System versions up to 2.0.0

Description A vulnerability has been found in the HuiRan Host Reseller System, affecting an unknown function of the file /user/index/findpass?do=4 of the component HTTP POST Request Handler. This leads to weak password recovery and can be launched remotely. The complexity of an attack is rather high, and the exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

Recommendations For HuiRan Host Reseller System versions up to 2.0.0, consider disabling the weak password recovery function until a patch is available. Restrict access to the /user/index/findpass?do=4 endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.