Lucene search
K

5 matches found

NVD
NVD
added 2018/11/20 7:29 p.m.20 views

CVE-2018-18772

CentOS-WebPanel.com aka CWP CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=sendssh, as demonstrated by executing an arbitrary OS command...

8.8CVSS8.8AI score0.0348EPSS
Exploits6References3
Cvelist
Cvelist
added 2018/11/20 7:0 p.m.22 views

CVE-2018-18772

CentOS-WebPanel.com aka CWP CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=sendssh, as demonstrated by executing an arbitrary OS command...

8.8AI score0.0348EPSS
Exploits6References3
CVE
CVE
added 2018/11/20 7:0 p.m.94 views

CVE-2018-18772

CVE-2018-18772 affects CentOS Web Panel (CWP) up to version 0.9.8.740, which is vulnerable to Cross-Site Request Forgery via admin/index.php?module=send_ssh. The weakness allows an attacker to execute arbitrary OS commands and potentially take over the root account, as documented in the CVE entry...

8.8CVSS8.7AI score0.0348EPSS
Exploits6References3Affected Software1
0day.today
0day.today
added 2018/11/14 12:0 a.m.55 views

CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery / Cross-Site Scripting Vulnerabilities

Exploit for php platform in category web applications Title: CentOS Web Panel Root Account Takeover + Remote Command Execution var url = "http://targetserver:2030/admin/index.php?module=rootpwd"; var params = "ifpost=yes&password1=newpassword&password2=newpassword"; var vuln = new XMLHttpRequest;...

7.6AI score0.04751EPSS
Exploits8
Exploit DB
Exploit DB
added 2018/11/13 12:0 a.m.40 views

CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery / Cross-Site Scripting

Title: CentOS Web Panel Root Account Takeover + Remote Command Execution var url = "http://targetserver:2030/admin/index.php?module=rootpwd"; var params = "ifpost=yes&password1=newpassword&password2=newpassword"; var vuln = new XMLHttpRequest; vuln.open"POST", url, true; vuln.withCredentials =...

8.8CVSS7.4AI score0.04751EPSS
Exploits8
Rows per page
Query Builder