HIGH🇬🇧 English

CVE-2025-56551

CVSS 8.2v3.1pub. 2025-10-03upd. 2025-10-15

An issue in DirectAdmin v1.680 allows unauthorized attackers to manipulate the page layout and replace the legitimate login interface with arbitrary attacker-controlled content via supplying a crafted GET request.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
  • Directadmin

    APP
    Directadmin
    1.680
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2017-18045CRITICAL9.8ten sam produkt

JBMC DirectAdmin before 1.52, when the email_ftp_password_change setting is nonzero, allows remote attackers t...

CVE-2019-9625HIGH8.8ten sam produkt

JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to create a new admin account.

CVE-2009-1525HIGH8.5ten sam produkt

CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shel...

CVE-2019-11193MEDIUM6.1ten sam produkt

The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD...

CVE-2012-5305MEDIUM4.3ten sam produkt

Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allows remote attack...

CVE-2025-56551 — HIGH 8.2 | CVEbaza.pl