Lucene search
MitreCVELIST:CVE-2019-15235HistoryDec 17, 2019 - 3:20 p.m.
CVE-2019-15235
2019-12-1715:20:18
mitre
www.cve.org
0.001 Low
EPSS
Percentile
23.1%
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim’s session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim’s token value from /usr/local/cwpsrv/logs/access_log, then use them to gain access to the victim’s password (for the OS and phpMyAdmin) via an attacker account. This is different from CVE-2019-14782.
Related
prion
prion
Design/Logic Flaw
2019-12-17 16:15:00
Cross site request forgery (csrf)
2019-12-17 16:15:00
nvd
nvd
CVE-2019-15235
2019-12-17 16:15:12
CVE-2019-14782
2019-12-17 16:15:12
packetstorm
packetstorm
Control Web Panel 0.9.8.864 phpMyAdmin Password Disclosure
2019-12-16 00:00:00
zdt
zdt
Control Web Panel 0.9.8.864 phpMyAdmin Password Disclosure Vulnerability
2019-12-17 00:00:00
cve
cve
CVE-2019-15235
2019-12-17 16:15:12
CVE-2019-14782
2019-12-17 16:15:12
cvelist
cvelist
CVE-2019-14782
2019-12-17 15:25:33