CVE-2019-13071

CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to any forms in the web application. This can be exploited by tricking an authenticated user into visiting an attacker controlled web page.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
cyberpowersystemspowerpanel
3.4.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/153581/PowerPanel-Business-Edition-3.4.0-Cross-Site-Request-Forgery.html
http://seclists.org/fulldisclosure/2019/Jul/11
http://packetstormsecurity.com/files/153581/PowerPanel-Business-Edition-3.4.0-Cross-Site-Request-Forgery.html
http://seclists.org/fulldisclosure/2019/Jul/11