Lucene search

K
cve[email protected]CVE-2020-15624
HistoryJul 28, 2020 - 5:15 p.m.

CVE-2020-15624

2020-07-2817:15:15
CWE-89
web.nvd.nist.gov
21
cve-2020-15624
remote code execution
centos web panel
cwp-e17.0.9.8.923
vulnerability
information disclosure
authentication bypass

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.007 Low

EPSS

Percentile

80.2%

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_new_account.php. When parsing the domain parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9727.

Affected configurations

Vulners
NVD
Node
controlwebpanelRange0.9.8.923

CNA Affected

[
  {
    "product": "CentOS Web Panel",
    "vendor": "CentOS Web Panel",
    "versions": [
      {
        "status": "affected",
        "version": "cwp-e17.0.9.8.923"
      }
    ]
  }
]

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.007 Low

EPSS

Percentile

80.2%

Related for CVE-2020-15624