ZPanel is prone to multiple remote security vulnerabilities, including: 1. A cross-site request forgery vulnerability. 2. An HTML-injection vulnerability. 3. An SQL-injection vulnerability. 4. A security-bypass weakness.
The information has been provided by machuanlei.
Attackers can exploit these issues to bypass certain security restrictions, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, to perform certain unauthorized actions, access or modify data, and exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.
Attackers can exploit these issues with a browser.
The following example URIs are available:
#<!---- 5 is the Client ID or ac_id_pk