Nissana Sirijirakal

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version 0.9.8.851 **Description** The issue allows an attacker to modify the e-mail usage value of a victim's account using their own account, due to an insecure object reference. **Recommendations** For version 0.9.8.851, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version 0.9.8.851 **Description** The issue allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account due to an insecure object reference. **Recommendations** For version 0.9.8.851, consider restricting access to email forwarding settings to prevent unauthorized modifications until a patch is available.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version 0.9.8.851 **Description** The issue exists due to insufficient input validation in the application, allowing a remote attacker to delete a sub-domain from a user's account. This can be achieved by an attacker using their own account to exploit the insecure object reference. **Recommendations** For version 0.9.8.851, consider restricting access to the sub-domain management functionality until a patch is available. As a temporary workaround, monitor user accounts for unauthorized sub-domain deletions and implement additional validation checks on input data to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version 0.9.8.851 **Description** The issue allows an attacker to remove a target user from phpMyAdmin via an attacker account due to an insecure object reference. **Recommendations** For version 0.9.8.851, consider restricting access to phpMyAdmin to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version 0.9.8.851 **Description** The issue allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account due to an insecure object reference. **Recommendations** For version 0.9.8.851, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version 0.9.8.851 **Description** The issue exists due to insufficient input validation in the application, allowing a remote attacker to delete a domain from a user's account. This can be achieved by an attacker using their own account to exploit the insecure object reference. **Recommendations** For version 0.9.8.851, consider restricting access to domain management features until a patch is available. As a temporary workaround, monitor user accounts for unauthorized domain removals and restrict access to the vulnerable `delete domain` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version 0.9.8.851 **Description** The issue is related to an insecure object reference in CentOS Web Panel, which allows an attacker to add an e-mail forwarding destination to a victim's account. This is due to insufficient input validation, enabling a remote attacker to exploit the weakness and modify a user's account settings by adding an email forwarding address. **Recommendations** For version 0.9.8.851, as a temporary workaround, consider restricting access to email forwarding settings until a patch is available. Avoid using the email forwarding feature in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version 0.9.8.851 **Description** The issue allows an attacker to access and delete DNS records of a victim's account via an attacker account due to an insecure object reference. This is caused by insufficient input validation, which can be exploited by a remote attacker to gain access to a user's DNS records. **Recommendations** For version 0.9.8.851, consider restricting access to DNS record management functions until a patch is available. As a temporary workaround, limit the ability to delete DNS records to minimize the risk of exploitation. Avoid using the vulnerable DNS record management feature in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version 0.9.8.851 **Description** The issue allows an attacker to change the e-mail password of a victim account via an attacker account due to an insecure object reference. This is caused by insufficient input validation, which can be exploited by a remote attacker to modify a user's email password. **Recommendations** For version 0.9.8.851, consider restricting access to the email password change functionality until a patch is available. As a temporary workaround, monitor user account activity closely to detect potential unauthorized changes to email passwords. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version 0.9.8.851 **Description** The issue allows an attacker to delete a victim's e-mail account via an attacker account due to an insecure object reference. This is caused by insufficient input validation, which can be exploited by a remote attacker to delete a user's email account. **Recommendations** For version 0.9.8.851, consider restricting access to email account management features until a patch is available. As a temporary workaround, monitor email account activity closely to detect and respond to potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version 0.9.8.837 **Description** The issue is related to a lack of protection for the web page structure, allowing a low-privilege user to achieve root access via the email list page. This can be exploited by a remote attacker to elevate their privileges to the root level. The exploitation is possible due to a cross-site scripting (XSS) vulnerability in the domain parameter. **Recommendations** For version 0.9.8.837, as a temporary workaround, consider restricting access to the email list page until a patch is available. Additionally, avoid using the vulnerable domain parameter in the email list page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version 0.9.8.837 **Description** The issue concerns a CSRF vulnerability in the forgot password function, allowing an attacker to change the password for the root account. This vulnerability can be exploited by a remote attacker to perform arbitrary actions on the vulnerable device. **Recommendations** For version 0.9.8.837, as a temporary workaround, consider disabling the forgot password function until a patch is available. Restrict access to the root account to minimize the risk of exploitation. Avoid using the forgot password feature in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version 0.9.8.840 **Description** The issue allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log, potentially exposing file and directory information. **Recommendations** For version 0.9.8.840, consider restricting access to the /tmp/login.log file to minimize the risk of exploitation. As a temporary workaround, restrict access to the filemanager module to prevent attackers from enumerating users and checking for active users.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version 0.9.8.846 **Description** The issue allows attackers to steal a cookie or session, or redirect to a phishing website through Reflected XSS in the filemanager2.php file, specifically targeting the `fm current dir` parameter. This can lead to unauthorized access or further malicious activities. **Recommendations** For version 0.9.8.846, consider disabling access to the filemanager2.php file or restricting the use of the `fm current dir` parameter until a patch is available. Additionally, restrict access to sensitive areas of the web panel to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version 0.9.8.846 **Description** A hidden feature in the filemanager2.php file allows attackers to execute shell commands, potentially obtaining a reverse shell with user privileges. **Recommendations** For version 0.9.8.846, consider disabling access to the filemanager2.php file until a patch is available to prevent exploitation of the hidden action=9 feature.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version 0.9.8.846 **Description** The issue is related to the login process in CentOS Web Panel, which allows attackers to determine whether a username is valid by analyzing the HTTP response. This is due to a lack of protection for internal data. An attacker could exploit this to reveal protected information. **Recommendations** For version 0.9.8.846, as a temporary workaround, consider restricting access to the login process to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version 0.9.8.836 **Description** The issue is related to a `cwpsrv-xxx` cookie that allows a normal user to upload a session file to the `/tmp` directory and use it to gain root user privileges. This is due to an unrestricted file upload vulnerability of a dangerous type. Exploitation of this issue can allow a remote attacker to elevate their privileges to the root level. **Recommendations** For version 0.9.8.836, as a temporary workaround, consider restricting access to the `cwpsrv-xxx` cookie until a patch is available. Additionally, restrict file uploads to the `/tmp` directory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.