Data Center Audit 2.6.2 allows attackers to reset admin passwords without permission

CVE-2018-25177
Summary

A security weakness in Data Center Audit 2.6.2 lets attackers reset the administrator password without authenticating. An attacker who does so could gain control of the system. Update to a fixed version of Data Center Audit or use other security measures to prevent unauthorized access.

Original title
Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator passwords without authentication by submitting crafted POST requests. Attack...
Original description
Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator passwords without authentication by submitting crafted POST requests. Attackers can send requests to dca_resetpw.php with parameters updateuser, pass, pass2, and submit_reset to change the admin account password and gain administrative access.
NVD CVSS 3.1: 5.3
NVD CVSS 4.0: 6.9
Vulnerability type
CWE-352 Cross-Site Request Forgery (CSRF)
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026
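
As an example of the "other security measures" mentioned in the summary, the sketch below is an added illustration (not Data Center Audit's code or a vendor patch) of a front-end filter that refuses POSTs to dca_resetpw.php unless they are same-origin and carry a session cookie. The script and parameter names come from the description above; the trusted origin, the `PHPSESSID` cookie name and the function names are assumptions.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

RESET_SCRIPT = "dca_resetpw.php"                                # from the advisory
RESET_PARAMS = {"updateuser", "pass", "pass2", "submit_reset"}  # from the advisory
TRUSTED_ORIGIN = "https://dca.example.internal"  # assumption: where users reach the app
SESSION_COOKIE = "PHPSESSID"                     # assumption: PHP's default session name


def origin_of(value):
    """Reduce an Origin or Referer value to scheme://host[:port], or None."""
    parts = urlsplit(value or "")
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def check_reset_request(method, path, headers, form):
    """Return (allowed, reason) for one request seen by a filter in front of the app."""
    script = urlsplit(path).path.rsplit("/", 1)[-1]
    if method.upper() != "POST" or script != RESET_SCRIPT:
        return True, "not a POST to the reset script"
    if not RESET_PARAMS & set(form):
        return True, "no reset parameters"
    hdrs = {k.lower(): v for k, v in headers.items()}
    # Use Origin when the browser sent it (including "null"); otherwise Referer.
    source = origin_of(hdrs.get("origin") or hdrs.get("referer"))
    if source is None:
        return False, "missing or opaque Origin/Referer"
    if source != TRUSTED_ORIGIN:
        return False, "cross-origin request from " + source
    # Presence only; the application must still validate the session itself.
    cookies = SimpleCookie()
    cookies.load(hdrs.get("cookie", ""))
    if SESSION_COOKIE not in cookies:
        return False, "no session cookie"
    return True, "same-origin with session"


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    form = {"updateuser": "admin", "pass": "x", "pass2": "x", "submit_reset": "1"}
    same = {"Origin": TRUSTED_ORIGIN, "Cookie": "PHPSESSID=abc123"}
    cross = {"Origin": "https://other.example", "Cookie": "PHPSESSID=abc123"}
    for hdrs in (same, cross, {}):
        print(check_reset_request("POST", "/dca_resetpw.php", hdrs, form))
```

An Origin or Referer check is a stopgap; the durable fix is for the reset handler to require an authenticated session and a per-session anti-CSRF token.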