PT-2014-2354 · Zpanel · Zpanel

Pcsjj

·

Published

2014-08-14

·

Updated

2014-08-14

·

CVE-2012-5685

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions ZPanel versions 10.0.1 and earlier
Description A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the inEmailAddress parameter in an UpdateClient action in the manage clients module.
Recommendations For ZPanel versions 10.0.1 and earlier, update to a version later than 10.0.1 to resolve the issue.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2012-5685

Affected Products

Zpanel