87 matches found
CentOS WebPanel 7 SQL Injection
Exploit Title: Centos WebPanel 7 - 'term' SQL Injection Google Dork: N/A Date: 2020-03-03 Exploit Author: Berke YILMAZ Vendor Homepage: http://centos-webpanel.com/ Software Link: http://centos-webpanel.com/ Version: v6 - v7 Tested on: Kali Linux - Windows 10 CVE : N/A Type: Error Based SQL...
Centos WebPanel 7 - (term) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Centos WebPanel 7 - 'term' SQL Injection Exploit Author: Berke YILMAZ Vendor Homepage: http://centos-webpanel.com/ Software Link: http://centos-webpanel.com/ Version: v6 - v7 Tested on: Kali Linux - Windows 10 CVE : N/A Type:...
Centos WebPanel 7 - term SQL Injection
Centos WebPanel 7 - term SQL Injection Exploit Title: Centos WebPanel 7 - 'term' SQL Injection Google Dork: N/A Date: 2020-03-03 Exploit Author: Berke YILMAZ Vendor Homepage: http://centos-webpanel.com/ Software Link: http://centos-webpanel.com/ Version: v6 - v7 Tested on: Kali Linux - Windows 10...
Centos WebPanel 7 - 'term' SQL Injection
Exploit Title: Centos WebPanel 7 - 'term' SQL Injection Google Dork: N/A Date: 2020-03-03 Exploit Author: Berke YILMAZ Vendor Homepage: http://centos-webpanel.com/ Software Link: http://centos-webpanel.com/ Version: v6 - v7 Tested on: Kali Linux - Windows 10 CVE : CVE-2020-10230 Type: Error Based...
Design/Logic Flaw
CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's session file name from /home/USERNAME/tmp/session/sessxxxxxx, and the victim's token value from /usr/local/cwpsrv/logs/accesslog, then use them to gain access to the victim's password for the OS and...
CVE-2019-14782
CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/accesslog, then use them to make a request to extract the victim's password for the OS...
CVE-2019-14782
CVE-2019-14782 affects CentOS Web Panel (CWP) versions 0.9.8.856–0.9.8.864. The issue allows an attacker to obtain a victim’s session file name from the /tmp directory and the token value from /usr/local/cwpsrv/logs/access_log, then use those to request the victim’s password (for the OS and phpMy...
CVE-2019-15235
CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's session file name from /home/USERNAME/tmp/session/sessxxxxxx, and the victim's token value from /usr/local/cwpsrv/logs/accesslog, then use them to gain access to the victim's password for the OS and...
Design/Logic Flaw
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account...
CVE-2019-14724
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account...
CVE-2019-14724
CVE-2019-14724 affects CentOS Web Panel version 0.9.8.851. The vulnerability is an insecure object reference that allows an attacker with an attacker account to edit the victim’s e‑mail forwarding destination. Root cause: improper access control on the object representing the e‑mail forwarding se...
CVE-2019-14725
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account...
CVE-2019-14725
CVE-2019-14725 affects CentOS Web Panel 0.9.8.851. Affected component is an insecure object reference that lets an attacker with an account modify the email usage value of another victim’s account. The root cause is inadequate access control on object references, enabling privilege escalation wit...
CVE-2019-14728
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim's account via an attacker account...
CVE-2019-14730
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account...
CVE-2019-14721
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account...
Design/Logic Flaw
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim's account via an attacker account...
CVE-2019-14730
CVE-2019-14730 affects CentOS Web Panel 0.9.8.851. The vulnerability is an insecure object reference that allows an attacker with an account to delete a domain from another user’s account. Root cause: insufficient access control around domain management/object references. Impact: unauthorized dom...
CVE-2019-14726
CVE-2019-14726 affects CentOS Web Panel 0.9.8.851. The issue is an insecure object reference that allows an attacker with an attacker account to access and delete DNS records belonging to a victim’s account. Root cause appears to be insufficient access validation for DNS management objects. Repor...
CVE-2019-14723
CVE-2019-14723 affects CentOS Web Panel 0.9.8.851 (CWP). The flaw is an insecure object reference that lets an attacker with an attacker account delete a victim’s e-mail account. Root cause is insufficient access control/object reference handling within the CWP email management flow. Documented i...