CVE-2019-11193

Name of the Vulnerable Software and Affected Versions InfinitumIT DirectAdmin versions prior to v1.561

Description The issue concerns the FileManager in InfinitumIT DirectAdmin, where an attacker can exploit XSS via CMD FILE MANAGER, CMD SHOW USER, and CMD SHOW RESELLER. This allows the attacker to bypass CSRF protection and potentially take over the administration panel.

Recommendations For versions prior to v1.561, update to a version that includes a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the FileManager and its associated commands to minimize the risk of exploitation.