CVE-2019-13071

CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to any forms in the web application. This can be exploited by tricking an authenticated user into visiting an attacker controlled web page.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cyberpowersystems:powerpanel:3.4.0:*:*:*:business:*:*:*

History

21 Nov 2024, 04:24

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/153581/PowerPanel-Business-Edition-3.4.0-Cross-Site-Request-Forgery.html - Exploit, Third Party Advisory () http://packetstormsecurity.com/files/153581/PowerPanel-Business-Edition-3.4.0-Cross-Site-Request-Forgery.html - Exploit, Third Party Advisory
References () http://seclists.org/fulldisclosure/2019/Jul/11 - Exploit, Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2019/Jul/11 - Exploit, Mailing List, Third Party Advisory

Information

Published : 2019-07-10 14:15

Updated : 2024-11-21 04:24


NVD link : CVE-2019-13071

Mitre link : CVE-2019-13071

CVE.ORG link : CVE-2019-13071


JSON object : View

Products Affected

cyberpowersystems

  • powerpanel
CWE
CWE-352

Cross-Site Request Forgery (CSRF)