EIP Plus

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2025-12866	Hundred Plus EIP Plus	Cri	0.64	9.8	0.00		Nov 10, 2025	EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting any user's password.
CVE-2025-12867	Hundred Plus EIP Plus	Hig	0.47	7.2	0.00		Nov 10, 2025	EIP Plus developed by Hundred Plus has an Arbitrary File Uplaod vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

CVE-2025-12866CriNov 10, 2025
Hundred Plus
EIP Plus
risk 0.64cvss 9.8epss 0.00
EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting any user's password.
CVE-2025-12867HigNov 10, 2025
Hundred Plus
EIP Plus
risk 0.47cvss 7.2epss 0.00
EIP Plus developed by Hundred Plus has an Arbitrary File Uplaod vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.