CVE-2019-11193
Published: 2019-04-30

Priority: P3 37
Severity: medium
CVSS 3.1 base score: 6.1
CVSS 3.1 vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
Exploit: public exploit available (see references)
EPSS: 2.09% (79.3rd percentile)
The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| directadmin | directadmin | <= 1.561 | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
No detection rules found.
No writeups or analysis indexed.
References

- http://packetstormsecurity.com/files/152494/DirectAdmin-1.561-Cross-Site-Scripting.html
- https://numanozdemir.com/respdisc/directadmin.pdf
- https://www.exploit-db.com/exploits/46694