CVE-2019-13071

Name of the Vulnerable Software and Affected Versions CyberPower PowerPanel Business Edition version 3.4.0

Description The issue allows an attacker to submit POST requests to any forms in the web application by exploiting a CSRF weakness in the Agent/Center component. This can be achieved by tricking an authenticated user into visiting an attacker-controlled web page.

Recommendations For CyberPower PowerPanel Business Edition version 3.4.0, consider implementing CSRF protection mechanisms, such as tokens, to prevent unauthorized requests. As a temporary workaround, restrict access to the web application to minimize the risk of exploitation.