Medium severity5.3NVD Advisory· Published Mar 6, 2026· Updated Apr 15, 2026
CVE-2018-25177
CVE-2018-25177
Description
Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator passwords without authentication by submitting crafted POST requests. Attackers can send requests to dca_resetpw.php with parameters updateuser, pass, pass2, and submit_reset to change the admin account password and gain administrative access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = 2.6.2
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.