Vulnerabilities > CVE-2019-13383 - Information Exposure Through Discrepancy vulnerability in Control-Webpanel Webpanel 0.9.8.836

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
control-webpanel
CWE-203
exploit available

Summary

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response.

Vulnerable Configurations

Part Description Count
Application
Control-Webpanel
1

Common Weakness Enumeration (CWE)

Exploit-Db

idEDB-ID:47125
last seen2019-07-16
modified2019-07-16
published2019-07-16
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/47125
titleCentOS Control Web Panel 0.9.8.838 - User Enumeration

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/153667/centoscwp098-enumerate.txt
idPACKETSTORM:153667
last seen2019-07-17
published2019-07-16
reporterPongtorn Angsuchotmetee
sourcehttps://packetstormsecurity.com/files/153667/CentOS-Control-Web-Panel-0.9.8.838-User-Enumeration.html
titleCentOS Control Web Panel 0.9.8.838 User Enumeration