CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to any forms in the web application. This can be exploited by tricking an authenticated user into visiting an attacker controlled web page.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/153581/PowerPanel-Business-Edition-3.4.0-Cross-Site-Request-Forgery.html | Exploit Third Party Advisory |
http://seclists.org/fulldisclosure/2019/Jul/11 | Exploit Mailing List Third Party Advisory |
http://packetstormsecurity.com/files/153581/PowerPanel-Business-Edition-3.4.0-Cross-Site-Request-Forgery.html | Exploit Third Party Advisory |
http://seclists.org/fulldisclosure/2019/Jul/11 | Exploit Mailing List Third Party Advisory |
Configurations
History
21 Nov 2024, 04:24
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/153581/PowerPanel-Business-Edition-3.4.0-Cross-Site-Request-Forgery.html - Exploit, Third Party Advisory | |
References | () http://seclists.org/fulldisclosure/2019/Jul/11 - Exploit, Mailing List, Third Party Advisory |
Information
Published : 2019-07-10 14:15
Updated : 2024-11-21 04:24
NVD link : CVE-2019-13071
Mitre link : CVE-2019-13071
CVE.ORG link : CVE-2019-13071
JSON object : View
Products Affected
cyberpowersystems
- powerpanel
CWE
CWE-352
Cross-Site Request Forgery (CSRF)