CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-27200

In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.034

EPSS Ranking 87.2%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://securityforeveryone.com/blog/wowonder-0-day-vulnerability-cve-2021-27200
https://www.exploit-db.com/exploits/49989
https://www.wowonder.com
https://securityforeveryone.com/blog/wowonder-0-day-vulnerability-cve-2021-27200
https://www.exploit-db.com/exploits/49989
https://www.wowonder.com

Products affected by CVE-2021-27200

Wowonder » Wowonder » Version: 3.0.4

cpe:2.3:a:wowonder:wowonder:3.0.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-27200

Products

Pricing

Contact Us