6 matches found
CVE-2018-18773
CentOS-WebPanel.com aka CWP CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password...
CVE-2018-18773
CentOS-WebPanel.com aka CWP CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password...
CVE-2018-18773
CVE-2018-18773 (CentOS Web Panel) affects CentOS Web Panel up to version 0.9.8.740. The connected documents describe a CSRF vulnerability that can target admin/index.php?module=rootpwd to change the root password, with evidence of related XSS issues that can facilitate exploiting this CSRF from a...
CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery / Cross-Site Scripting Vulnerabilities
Exploit for php platform in category web applications Title: CentOS Web Panel Root Account Takeover + Remote Command Execution var url = "http://targetserver:2030/admin/index.php?module=rootpwd"; var params = "ifpost=yes&password1=newpassword&password2=newpassword"; var vuln = new XMLHttpRequest;...
CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery / Cross-Site Scripting
Title: CentOS Web Panel Root Account Takeover + Remote Command Execution var url = "http://targetserver:2030/admin/index.php?module=rootpwd"; var params = "ifpost=yes&password1=newpassword&password2=newpassword"; var vuln = new XMLHttpRequest; vuln.open"POST", url, true; vuln.withCredentials =...
CentOS Web Panel Root Account Takeover <= v0.9.8.740 Remote Command Execution Exploit
CentOS Web Panel versions 0.9.8.740 and below suffer from cross site request forgery and cross site scripting vulnerabilities that can be leveraged to achieve remote code execution. + Title: CentOS Web Panel Root Account Takeover + Remote Command Execution var url =...