Lucene search
K

6 matches found

OSV
OSV
added 2018/11/20 7:29 p.m.3 views

CVE-2018-18773

CentOS-WebPanel.com aka CWP CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password...

8.8CVSS5.8AI score0.03409EPSS
Exploits6References3
NVD
NVD
added 2018/11/20 7:29 p.m.12 views

CVE-2018-18773

CentOS-WebPanel.com aka CWP CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password...

8.8CVSS8.8AI score0.03409EPSS
Exploits6References3
CVE
CVE
added 2018/11/20 7:0 p.m.95 views

CVE-2018-18773

CVE-2018-18773 (CentOS Web Panel) affects CentOS Web Panel up to version 0.9.8.740. The connected documents describe a CSRF vulnerability that can target admin/index.php?module=rootpwd to change the root password, with evidence of related XSS issues that can facilitate exploiting this CSRF from a...

8.8CVSS8.6AI score0.03409EPSS
Exploits6References3Affected Software1
0day.today
0day.today
added 2018/11/14 12:0 a.m.55 views

CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery / Cross-Site Scripting Vulnerabilities

Exploit for php platform in category web applications Title: CentOS Web Panel Root Account Takeover + Remote Command Execution var url = "http://targetserver:2030/admin/index.php?module=rootpwd"; var params = "ifpost=yes&password1=newpassword&password2=newpassword"; var vuln = new XMLHttpRequest;...

7.6AI score0.04751EPSS
Exploits8
Exploit DB
Exploit DB
added 2018/11/13 12:0 a.m.40 views

CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery / Cross-Site Scripting

Title: CentOS Web Panel Root Account Takeover + Remote Command Execution var url = "http://targetserver:2030/admin/index.php?module=rootpwd"; var params = "ifpost=yes&password1=newpassword&password2=newpassword"; var vuln = new XMLHttpRequest; vuln.open"POST", url, true; vuln.withCredentials =...

8.8CVSS7.4AI score0.04751EPSS
Exploits8
0day.today
0day.today
added 2018/11/05 12:0 a.m.180 views

CentOS Web Panel Root Account Takeover <= v0.9.8.740 Remote Command Execution Exploit

CentOS Web Panel versions 0.9.8.740 and below suffer from cross site request forgery and cross site scripting vulnerabilities that can be leveraged to achieve remote code execution. + Title: CentOS Web Panel Root Account Takeover + Remote Command Execution var url =...

8.8CVSS0.4AI score0.04751EPSS
Exploits8
Rows per page
Query Builder