CVE-2012-5684
ZPanel < 10.0.1 - Cross-Site Scripting via inFullname Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-5684. PoCs published by pcsjj.
AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in ZPanel <= 10.0.1, including CSRF, XSS, SQL injection, and a password reset weakness. It provides detailed HTTP requests to exploit these flaws, such as creating FTP users, injecting malicious scripts, and manipulating database content.
Description
Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the inFullname parameter in an UpdateAccountSettings action in the my_account module to zpanel/.
Exploits (1)
This exploit demonstrates multiple vulnerabilities in ZPanel <= 10.0.1, including CSRF, XSS, SQL injection, and a password reset weakness. It provides detailed HTTP requests to exploit these flaws, such as creating FTP users, injecting malicious scripts, and manipulating database content.