CVE-2012-5683

Name of the Vulnerable Software and Affected Versions ZPanel versions 10.0.1 and earlier

Description The issue allows remote attackers to hijack the authentication of administrators for requests, including creating new FTP users, conducting cross-site scripting (XSS) attacks, and conducting SQL injection attacks. This can be achieved through various actions and parameters, such as the CreateFTP action in the ftp management module, the inFullname parameter in an UpdateAccountSettings action in the my account module, and the inEmailAddress parameter in an UpdateClient action in the manage clients module.

Recommendations For ZPanel versions 10.0.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.