CVE-2025-56551
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-03
Last updated on: 2025-10-15
Assigner: MITRE
Description
Description
An issue in DirectAdmin v1.680 allows unauthorized attackers to manipulate the page layout and replace the legitimate login interface with arbitrary attacker-controlled content via supplying a crafted GET request.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| directadmin | directadmin | 1.680 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-598 | The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in DirectAdmin v1.680 allows unauthorized attackers to manipulate the page layout by sending a specially crafted GET request. This manipulation can replace the legitimate login interface with attacker-controlled content.
How can this vulnerability impact me? :
The impact of this vulnerability is that attackers can trick users into interacting with a fake login interface, potentially leading to credential theft or unauthorized access.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70