CVE-2019-13056
HIGHCyberPanel < 1.8.4 - Cross-Site Request Forgery on User Edit Page
Title source: llmDescription
An issue was discovered in CyberPanel through 1.8.4. On the user edit page, an attacker can edit the administrator's e-mail and password because of the lack of CSRF protection.
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://cyberpanel.net/category/news/
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/153492/CyberPanel-1.8.4-Cross-Site-Request-Forgery.html
Scores
CVSS v3
8.8
EPSS
0.0084
EPSS Percentile
53.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (1)
cyberpanel/cyberpanel
< 1.8.4
Published
Jul 02, 2019
Tracked Since
Feb 18, 2026