VYPR

DirectAdmin

by JBMC

CVEs (2)

  • CVE-2017-18045CriJan 21, 2018
    risk 0.64cvss 9.8epss 0.01

    JBMC DirectAdmin before 1.52, when the email_ftp_password_change setting is nonzero, allows remote attackers to obtain access or cause a denial of service (segfault) via an unspecified request.

  • CVE-2019-9625HigMar 7, 2019
    risk 0.60cvss 8.8epss 0.02

    JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to create a new admin account.