An issue was discovered in CyberPanel through 1.8.4. On the user edit page, an attacker can edit the administrator's e-mail and password because of the lack of CSRF protection.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/153492/CyberPanel-1.8.4-Cross-Site-Request-Forgery.html | Exploit Third Party Advisory VDB Entry |
https://cyberpanel.net/category/news/ | Release Notes Vendor Advisory |
Configurations
History
No history.
Information
Published : 2019-07-02 16:15
Updated : 2024-02-28 17:08
NVD link : CVE-2019-13056
Mitre link : CVE-2019-13056
CVE.ORG link : CVE-2019-13056
JSON object : View
Products Affected
cyberpanel
- cyberpanel
CWE
CWE-352
Cross-Site Request Forgery (CSRF)