Vulnerability CVE-2019-13071


Published: 2019-07-10

Description:
CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to any forms in the web application. This can be exploited by tricking an authenticated user into visiting an attacker controlled web page.

Type:

CWE-352

(Cross-Site Request Forgery (CSRF))

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Cyberpowersystems -> Powerpanel 

 References:
http://packetstormsecurity.com/files/153581/PowerPanel-Business-Edition-3.4.0-Cross-Site-Request-Forgery.html
http://seclists.org/fulldisclosure/2019/Jul/11

Copyright 2024, cxsecurity.com

 

Back to Top