Hundred Plus Eip Plus vulnerabilities
2 known vulnerabilities affecting hundred_plus/eip_plus.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2025-12866P2CRITICALCVSS 9.8fixed in RELEASE_2406262025-11-10
CVE-2025-12866 [CRITICAL] CWE-640 CVE-2025-12866: EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing un
EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting any user's password.
nvd
CVE-2025-12867P3HIGHCVSS 7.2fixed in RELEASE_2406262025-11-10
CVE-2025-12867 [HIGH] CWE-434 CVE-2025-12867: EIP Plus developed by Hundred Plus has an Arbitrary File Uplaod vulnerability, allowing privileged r
EIP Plus developed by Hundred Plus has an Arbitrary File Uplaod vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
nvd