Cyberpower · Cyberpower Powerpanel Business Edition · CVE-2019-13071
**Name of the Vulnerable Software and Affected Versions**
CyberPower PowerPanel Business Edition version 3.4.0
**Description**
The issue allows an attacker to submit POST requests to any forms in the web application by exploiting a CSRF weakness in the Agent/Center component. This can be achieved by tricking an authenticated user into visiting an attacker-controlled web page.
**Recommendations**
For CyberPower PowerPanel Business Edition version 3.4.0, consider implementing CSRF protection mechanisms, such as tokens, to prevent unauthorized requests. As a temporary workaround, restrict access to the web application to minimize the risk of exploitation.