VIR Vulnerability Intelligence Relay

CVE-2017-6513

critical
Published 2017-03-11 · Modified 2026-05-13
CVSS v3
9.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS v2
6.5
VIR risk
9.9

Description

The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL.

Predictions

Exploit likelihood
98%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.virtualizor.com/blog/?p=1551

Application impact
VendorProductVersionsFixed
softaculouswhmcs_reseller_module2.0.2
softaculousvirtualizor{"endIncluding":"2.9.0.6"}

References

CWEs

CWE-275

Verify integrity in audit chain (admin only). AS-IS.