3 matches found
Design/Logic Flaw
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxlistaccounts.php. When parsing the username parameter, th...
CVE-2020-15618
The CVE-2020-15618 issue affects CentOS Web Panel (cwp-e17.0.9.8.923) and is a SQL injection in ajax_list_accounts.php triggered by the username parameter. It allows remote, unauthenticated attackers to disclose sensitive information in the root context. The vulnerability is documented by ZDI (ZD...
CVE-2020-15618
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxlistaccounts.php. When parsing the username parameter, th...