InfinitumIT DirectAdmin up to 1.561 FileManager CMD_FILE_MANAGER/CMD_SHOW_USER/CMD_SHOW_RESELLER CSRF privilege escalation
| CVSS Meta Temp Score | Current Exploit Price (≈) |
|---|---|
| 6.1 | $0-$5k |
A vulnerability was found in InfinitumIT DirectAdmin up to 1.561. It has been rated as critical. This issue affects some processing of the component FileManager. The manipulation of the argument CMD_FILE_MANAGER/CMD_SHOW_USER/CMD_SHOW_RESELLER with an unknown input leads to a privilege escalation vulnerability (CSRF). Using CWE to declare the problem leads to CWE-269. Impacted is confidentiality, integrity, and availability.
The weakness was presented 04/30/2019 as EDB-ID 46694 as uncorroborated exploit (Exploit-DB). It is possible to read the advisory at exploit-db.com. The identification of this vulnerability is CVE-2019-11193 since 04/11/2019. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details as well as a public exploit are known.
After immediately, there has been an exploit disclosed. It is declared as proof-of-concept. The exploit is available at exploit-db.com.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Vendor
Name
VulDB Meta Base Score: 6.3
VulDB Meta Temp Score: 6.1
VulDB Base Score: 6.3
VulDB Temp Score: 6.1
VulDB Vector: ?
VulDB Reliability: ?
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| ? | ? | ? | ? | ? | ? |
| ? | ? | ? | ? | ? | ? |
| ? | ? | ? | ? | ? | ? |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: ?
VulDB Temp Score: ?
VulDB Reliability: ?
Class: Privilege escalation / CSRF (CWE-269)
Local: No
Remote: Yes
Availability: ?
Access: Public
Status: Proof-of-Concept
Download: ?
Price Prediction: ?
Current Price Estimation: ?
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Exploit-DB: ?
Threat Intelligence
Threat: ?
Adversaries: ?
Geopolitics: ?
Economy: ?
Predictions: ?
Remediation: ?Recommended: no mitigation known
0-Day Time: ?
Exploit Delay Time: ?04/11/2019 CVE assigned
04/30/2019 Advisory disclosed
04/30/2019 Exploit disclosed
04/30/2019 EDB entry disclosed
04/30/2019 VulDB entry created
04/30/2019 VulDB last updateAdvisory: EDB-ID 46694
Status: Uncorroborated
CVE: CVE-2019-11193 (?)
Created: 04/30/2019 11:08 PM
Complete: ?
Comments
Upgrade your account now!
https://vuldb.com/?id.134243
Comments are closed.
No comments yet. Please log in to comment.