Vulnerabilities > CVE-2019-13360 - Authorization Bypass Through User-Controlled Key vulnerability in Control-Webpanel Webpanel 0.9.8.836

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
control-webpanel
CWE-639
critical
exploit available

Summary

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username.

Vulnerable Configurations

Part Description Count
Application
Control-Webpanel
1

Exploit-Db

idEDB-ID:47123
last seen2019-07-16
modified2019-07-16
published2019-07-16
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/47123
titleCentOS Control Web Panel 0.9.8.836 - Authentication Bypass

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/153665/centoscwp098-bypass.txt
idPACKETSTORM:153665
last seen2019-07-17
published2019-07-16
reporterPongtorn Angsuchotmetee
sourcehttps://packetstormsecurity.com/files/153665/CentOS-Control-Web-Panel-0.9.8.836-Authentication-Bypass.html
titleCentOS Control Web Panel 0.9.8.836 Authentication Bypass