Lucene search
PRIOn knowledge basePRION:CVE-2019-15235HistoryDec 17, 2019 - 4:15 p.m.
Design/Logic Flaw
2019-12-1716:15:00
PRIOn knowledge base
www.prio-n.com
4
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim’s session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim’s token value from /usr/local/cwpsrv/logs/access_log, then use them to gain access to the victim’s password (for the OS and phpMyAdmin) via an attacker account. This is different from CVE-2019-14782.
Related
cvelist
cvelist
CVE-2019-15235
2019-12-17 15:20:18
CVE-2019-14782
2019-12-17 15:25:33
nvd
nvd
CVE-2019-15235
2019-12-17 16:15:12
CVE-2019-14782
2019-12-17 16:15:12
packetstorm
packetstorm
Control Web Panel 0.9.8.864 phpMyAdmin Password Disclosure
2019-12-16 00:00:00
zdt
zdt
Control Web Panel 0.9.8.864 phpMyAdmin Password Disclosure Vulnerability
2019-12-17 00:00:00
cve
cve
CVE-2019-15235
2019-12-17 16:15:12
CVE-2019-14782
2019-12-17 16:15:12
prion
prion
Cross site request forgery (csrf)
2019-12-17 16:15:00