cbcvebase.

Directadmin vulnerabilities

13 known vulnerabilities affecting directadmin/directadmin.

Total CVEs
13
CISA KEV
0
Public exploits
5
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3MEDIUM9

Vulnerabilities

Page 1 of 1
CVE-2019-9625P3HIGHCVSS 8.8PoCv1.552019-03-07
CVE-2019-9625 [HIGH] CWE-352 CVE-2019-9625: JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to create a new admin account. JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to create a new admin account.
nvd
CVE-2019-11193P3MEDIUMCVSS 6.1PoC≤ 1.5612019-04-30
CVE-2019-11193 [MEDIUM] CWE-79 CVE-2019-11193: The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USE The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel.
nvd
CVE-2009-2216P4MEDIUMCVSS 6.1PoC≤ 1.33.62009-06-25
CVE-2009-2216 [MEDIUM] CWE-79 CVE-2009-2216: Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in DirectAdmin 1.33.6 and earlier allows re Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in DirectAdmin 1.33.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the URI in a view=advanced request.
nvd
CVE-2025-56551P3HIGHCVSS 8.2v1.6802025-10-03
CVE-2025-56551 [HIGH] CWE-598 CVE-2025-56551: An issue in DirectAdmin v1.680 allows unauthorized attackers to manipulate the page layout and repla An issue in DirectAdmin v1.680 allows unauthorized attackers to manipulate the page layout and replace the legitimate login interface with arbitrary attacker-controlled content via supplying a crafted GET request.
nvd
CVE-2009-1526P4MEDIUMCVSS 6.9PoCfixed in 1.33.42009-05-05
CVE-2009-1526 [MEDIUM] CWE-59 CVE-2009-1526: JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a syml JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.
nvd
CVE-2006-5983P4MEDIUMCVSS 6.0PoCv1.28.12006-11-20
CVE-2006-5983 [MEDIUM] CWE-79 CVE-2006-5983: Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level; the (2) TYPE parameter to (c) CMD_TICKET_CREATE or (d) CMD_TICKET, the (3) user parameter to (e) CMD_
nvd
CVE-2017-18045P3CRITICALCVSS 9.8fixed in 1.522018-01-21
CVE-2017-18045 [CRITICAL] CVE-2017-18045: JBMC DirectAdmin before 1.52, when the email_ftp_password_change setting is nonzero, allows remote a JBMC DirectAdmin before 1.52, when the email_ftp_password_change setting is nonzero, allows remote attackers to obtain access or cause a denial of service (segfault) via an unspecified request.
nvd
CVE-2009-1525P3HIGHCVSS 8.5fixed in 1.33.42009-05-05
CVE-2009-1525 [HIGH] CWE-20 CVE-2009-1525: CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privilege CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action.
nvd
CVE-2007-1926P4MEDIUMCVSS 6.8fixed in 1.29.32007-04-10
CVE-2007-1926 [MEDIUM] CWE-79 CVE-2007-1926: Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent attackers to inject arbitrary web script or HTML
nvd
CVE-2012-5305P4MEDIUMCVSS 4.3v1.4032012-10-06
CVE-2012-5305 [MEDIUM] CWE-79 CVE-2012-5305: Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allows rem Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allows remote attackers to inject arbitrary web script or HTML via the domain parameter.
nvd
CVE-2007-3501P4MEDIUMCVSS 4.3≤ 1.30.12007-06-30
CVE-2007-3501 [MEDIUM] CVE-2007-3501: Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin 1.30.1 and earlier allows Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin 1.30.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vector than CVE-2007-1508.
nvd
CVE-2012-3842P4MEDIUMCVSS 4.3v1.4032012-07-03
CVE-2012-3842 [MEDIUM] CWE-79 CVE-2012-3842: Multiple cross-site scripting (XSS) vulnerabilities in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 Multiple cross-site scripting (XSS) vulnerabilities in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) select0 or (2) select8 parameters.
nvd
CVE-2007-4830P4MEDIUMCVSS 4.3≤ 1.30.22007-09-12
CVE-2007-4830 [MEDIUM] CWE-79 CVE-2007-4830: Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in DirectAdmin 1.30.2 and earlie Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in DirectAdmin 1.30.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter.
nvd
Directadmin vulnerabilities | cvebase