Vulnerabilities > CVE-2019-13605 - Authorization Bypass Through User-Controlled Key vulnerability in Control-Webpanel Webpanel 0.9.8.836

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

control-webpanel

CWE-639

exploit available

NVD

Published: 2019-07-16

Updated: 2023-01-24

Summary

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is different from CVE-2019-13360.

Vulnerable Configurations

Part	Description	Count
Application	Control-Webpanel Control Webpanel Webpanel 0.9.8.836	1

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

Exploit-Db

id	EDB-ID:47123
last seen	2019-07-16
modified	2019-07-16
published	2019-07-16
reporter	Exploit-DB
source	https://www.exploit-db.com/download/47123
title	CentOS Control Web Panel 0.9.8.836 - Authentication Bypass

Packetstorm

data source	https://packetstormsecurity.com/files/download/153665/centoscwp098-bypass.txt
id	PACKETSTORM:153665
last seen	2019-07-17
published	2019-07-16
reporter	Pongtorn Angsuchotmetee
source	https://packetstormsecurity.com/files/153665/CentOS-Control-Web-Panel-0.9.8.836-Authentication-Bypass.html
title	CentOS Control Web Panel 0.9.8.836 Authentication Bypass

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Packetstorm

References