Vulnerabilities > CVE-2019-13605 - Authorization Bypass Through User-Controlled Key vulnerability in Control-Webpanel Webpanel 0.9.8.836
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is different from CVE-2019-13360.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
id | EDB-ID:47123 |
last seen | 2019-07-16 |
modified | 2019-07-16 |
published | 2019-07-16 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/47123 |
title | CentOS Control Web Panel 0.9.8.836 - Authentication Bypass |
Packetstorm
data source | https://packetstormsecurity.com/files/download/153665/centoscwp098-bypass.txt |
id | PACKETSTORM:153665 |
last seen | 2019-07-17 |
published | 2019-07-16 |
reporter | Pongtorn Angsuchotmetee |
source | https://packetstormsecurity.com/files/153665/CentOS-Control-Web-Panel-0.9.8.836-Authentication-Bypass.html |
title | CentOS Control Web Panel 0.9.8.836 Authentication Bypass |
References
- http://packetstormsecurity.com/files/153665/CentOS-Control-Web-Panel-0.9.8.836-Authentication-Bypass.html
- http://packetstormsecurity.com/files/153665/CentOS-Control-Web-Panel-0.9.8.836-Authentication-Bypass.html
- https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13605.md
- https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13605.md
- https://www.exploit-db.com/exploits/47123
- https://www.exploit-db.com/exploits/47123