CVE-2012-5686
9.8CRITICAL
ZPanel 10.0.1 has insufficient entropy for its password reset process.
ZPanel 10.0.1 has insufficient entropy for its password reset process.
2/4/2020CWE-640, CWE-798
EDB-22490webappsmultipleVERIFIED
ZPanel 10.0.1 - Cross-Site Request Forgery / Cross-Site Scripting / SQL Injection / Password Reset
pcsjj11/5/2012
AI AnalysisPowered by AI
Exploit Code
Exploit code not available in database
View Source on GitLabRelated CVEs (4)
CVE-2012-5685
NONE
SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the inEmailAddress parameter in an UpdateClient action in the manage_clients modu
SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the inEmailAddress parameter in an UpdateClient action in the manage_clients modu...
8/14/2014CWE-89
CVE-2012-5684
NONE
Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the inFullname parameter in an UpdateAccountSettings action in
Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the inFullname parameter in an UpdateAccountSettings action in ...
8/14/2014CWE-79
CVE-2012-5683
NONE
Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create new FTP users
Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create new FTP users...
8/14/2014CWE-352