Vulnerabilities > CVE-2019-13386 - Incorrect Authorization vulnerability in Centos-Webpanel Centos web Panel 0.9.8.846

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

centos-webpanel

CWE-863

NVD

Published: 2019-07-26

Updated: 2023-02-28

Summary

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege.

Vulnerable Configurations

Part	Description	Count
Application	Centos-Webpanel Centos Webpanel Centos WEB Panel 0.9.8.846	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Packetstorm

data source	https://packetstormsecurity.com/files/download/153876/cwp098836-exec.txt
id	PACKETSTORM:153876
last seen	2019-09-05
published	2019-08-05
reporter	Pongtorn Angsuchotmetee
source	https://packetstormsecurity.com/files/153876/CentOS-WebPanel.com-Control-Web-Panel-0.9.8.836-Remote-Command-Execution.html
title	CentOS-WebPanel.com Control Web Panel 0.9.8.836 Remote Command Execution

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Packetstorm

References