CVE-2019-13071

Published: Jul 10, 2019Modified: Jun 17, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to any forms in the web application. This can be exploited by tricking an authenticated user into visiting an attacker controlled web page.

Affected (1)

Products: Cyberpowersystems: Powerpanel

Cyberpowersystems

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cyberpowersystems Powerpanel	Version 3.4.0

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

http://packetstormsecurity.com/files/153581/PowerPanel-Business-Edition-3.4.0-Cross-Site-Request-Forgery.html

Source: cve@mitre.org

ExploitThird Party Advisory

http://seclists.org/fulldisclosure/2019/Jul/11

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

http://packetstormsecurity.com/files/153581/PowerPanel-Business-Edition-3.4.0-Cross-Site-Request-Forgery.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

http://seclists.org/fulldisclosure/2019/Jul/11

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

Timeline

No history available yet.