In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/154155/CentOS-Control-Web-Panel-CWP-0.9.8.851-Arbitrary-Database-Drop.html | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/154155/CentOS-WebPanel.com-CentOS-Control-Web-Panel-CWP-0.9.8.851-Arbitrary-Database-Drop.html | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/154155/CentOS-WebPanel.com-Control-Web-Panel-CWP-0.9.8.851-Arbitrary-Database-Drop.html | Exploit Third Party Advisory VDB Entry |
https://centos-webpanel.com/changelog-cwp7 | Release Notes |
Configurations
History
03 Mar 2023, 14:29
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/154155/CentOS-WebPanel.com-CentOS-Control-Web-Panel-CWP-0.9.8.851-Arbitrary-Database-Drop.html - Exploit, Third Party Advisory, VDB Entry | |
References | (MISC) http://packetstormsecurity.com/files/154155/CentOS-WebPanel.com-Control-Web-Panel-CWP-0.9.8.851-Arbitrary-Database-Drop.html - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2019-08-21 19:15
Updated : 2024-02-04 20:20
NVD link : CVE-2019-14245
Mitre link : CVE-2019-14245
CVE.ORG link : CVE-2019-14245
JSON object : View
Products Affected
centos-webpanel
- centos_web_panel
CWE
CWE-639
Authorization Bypass Through User-Controlled Key