CVE Details
Basic Information
| Title | elunez eladmin Druid application-prod.yml default credentials |
|---|---|
| Type | cve |
| Published | 2025-08-04T23:02:06.927Z |
| Modified | 2025-08-04T23:02:06.927Z |
Product Information
| Vendor | elunez |
|---|---|
| Product | eladmin |
| Version | 2.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A vulnerability in elunez eladmin allows attackers to use default credentials due to improper configuration in the application-prod.yml file. This could allow unauthorized access to the system. The issue affects versions up to 2.7 and can be exploited remotely. |
|---|---|
| AI Severity | Medium |
| AI Vendor | elunez |
| AI Product | eladmin |
| AI Version | 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7 |
Affected Products
- elunez eladmin 2.0
- elunez eladmin 2.1
- elunez eladmin 2.2
- elunez eladmin 2.3
- elunez eladmin 2.4
- elunez eladmin 2.5
- elunez eladmin 2.6
- elunez eladmin 2.7
Additional Information
| CWE List | CWE-1392 |
|---|---|
| Source | VulDB |
Description
A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file eladmin-system\src\main\resources\config\application-prod.yml of the component Druid. The manipulation of the argument login-username/login-password leads to use of default credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.