CVE-2019-14722

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account...

CVE-2019-14722

CVE-2019-14722 affects CentOS Web Panel 0.9.8.851. The vulnerability is an insecure object reference in the email forwarding management that allows an attacker with an attacker account to delete an email forwarding destination belonging to a victim’s account. The connected documents confirm the a...

CVE-2019-14721

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account...

CVE-2019-14721

CVE-2019-14721 affects CentOS Web Panel (CWP) 0.9.8.851. The vulnerability is described as an insecure object reference that lets an attacker with an attacker account remove a target user from phpMyAdmin. Multiple sources (Red Hat CVE entry, CNVD aggregations) corroborate the impact of removing o...

PT-2019-4388 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851 Description: The issue allows an attacker to change the e-mail password of a victim account via an attacker account due to an insecure object reference. This is caused by insufficient input validation, which...

PT-2019-4387 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851 Description: The issue allows an attacker to access and delete DNS records of a victim's account via an attacker account due to an insecure object reference. This is caused by insufficient input validation,...

PT-2019-13802 · Php +1 · Phpmyadmin +1

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851 Description: The issue allows an attacker to remove a target user from phpMyAdmin via an attacker account due to an insecure object reference. Recommendations: For version 0.9.8.851, consider restricting...

PT-2019-4390 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851 Description: The issue exists due to insufficient input validation in the application, allowing a remote attacker to delete a sub-domain from a user's account. This can be achieved by an attacker using their...

PT-2019-4386 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851 Description: The issue allows an attacker to delete a victim's e-mail account via an attacker account due to an insecure object reference. This is caused by insufficient input validation, which can be...

PT-2019-13803 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851 Description: The issue allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account due to an insecure object reference. Recommendations: For version 0.9.8.85...

PT-2019-4644 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851 Description: The issue exists due to insufficient input validation in the application, allowing a remote attacker to delete a domain from a user's account. This can be achieved by an attacker using their own...

PT-2019-4389 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851 Description: The issue is related to an insecure object reference in CentOS Web Panel, which allows an attacker to add an e-mail forwarding destination to a victim's account. This is due to insufficient inpu...

CVE-2019-14245

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases such as oauthv2 from the server via an attacker account...

CVE-2019-14246

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords of any user in /etc/passwd via an attacker account...

CVE-2019-14245

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases such as oauthv2 from the server via an attacker account...

CVE-2019-14246

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords of any user in /etc/passwd via an attacker account...

Design/Logic Flaw

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases such as oauthv2 from the server via an attacker account...

CVE-2019-14245

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases such as oauthv2 from the server via an attacker account...

CVE-2019-14245

CVE-2019-14245 affects CentOS Web Panel 0.9.8.851. The issue is an insecure object reference in the MySQL management flow that allows an attacker with an account to delete arbitrary databases (e.g., oauthv2) on the server. Root cause: insufficient access control for database-management actions. I...

CVE-2019-14246

CVE-2019-14246 affects CentOS Web Panel (CWP) 0.9.8.851. An insecure object reference in the PHPMyAdmin password change flow enables an attacker account to discover or retrieve phpMyAdmin passwords for any user (password data in /etc/passwd) through the affected web interface path. The vulnerabil...