Lucene search

[email protected]CVE-2012-5683

HistoryAug 14, 2014 - 2:55 p.m.

CVE-2012-5683

2014-08-1414:55:05

CWE-352

[email protected]

web.nvd.nist.gov

csrf

zpanel

10.0.1

remote attackers

authentication hijacking

xss

sql injection

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.8%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create new FTP users via a CreateFTP action in the ftp_management module to the default URI, (2) conduct cross-site scripting (XSS) attacks via the inFullname parameter in an UpdateAccountSettings action in the my_account module to zpanel/, or (3) conduct SQL injection attacks via the inEmailAddress parameter in an UpdateClient action in the manage_clients module to the default URI.

Affected configurations

NVD

Node

zpanelcpzpanelRange≤10.0.1

CPENameOperatorVersion
zpanelcp:zpanelzpanelcp zpanelle10.0.1

CPE	Name	Operator	Version
zpanelcp:zpanel	zpanelcp zpanel	le	10.0.1

References

osvdb.org/show/osvdb/87140

packetstormsecurity.com/files/117894/ZPanel-10.0.1-XSS-CSRF-SQL-Injection.html

secunia.com/advisories/51172

www.exploit-db.com/exploits/22490

exchange.xforce.ibmcloud.com/vulnerabilities/79838

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.8%

JSON

Related for CVE-2012-5683

cvelist1 nvd1 prion1 packetstorm1 seebug1 exploitpack1 exploitdb1