3 matches found
Design/Logic Flaw
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxlistaccounts.php. When parsing the id parameter, the...
CVE-2020-15620
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxlistaccounts.php. When parsing the id parameter, the...
CVE-2020-15620
The CVE-2020-15620 issue affects CentOS Web Panel (cwp-e17.0.9.8.923) and is a SQL injection in ajax_list_accounts.php where the id parameter is used to build queries without proper validation, enabling information disclosure in the context of root. This is documented across multiple sources (ZDI...