DirectAdmin
by JBMC
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-18045 | Cri | 0.64 | 9.8 | 0.01 | Jan 21, 2018 | JBMC DirectAdmin before 1.52, when the email_ftp_password_change setting is nonzero, allows remote attackers to obtain access or cause a denial of service (segfault) via an unspecified request. | ||
| CVE-2019-9625 | Hig | 0.60 | 8.8 | 0.02 | Mar 7, 2019 | JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to create a new admin account. |
- risk 0.64cvss 9.8epss 0.01
JBMC DirectAdmin before 1.52, when the email_ftp_password_change setting is nonzero, allows remote attackers to obtain access or cause a denial of service (segfault) via an unspecified request.
- risk 0.60cvss 8.8epss 0.02
JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to create a new admin account.