← back
CVE-2019-11193

CVE-2019-11193

EPSS 2.1%
The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/152494/DirectAdmin-1.561-Cross-Site-Scripting.htmlunverifiedcve_referencewww.exploit-db.com/exploits/46694unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/152494/DirectAdmin-1.561-Cross-Site-Scripting.htmlhttps://numanozdemir.com/respdisc/directadmin.pdfhttps://www.exploit-db.com/exploits/46694