CVE-2018-18323

Name of the Vulnerable Software and Affected Versions CentOS Web Panel version 0.9.8.480

Description The issue concerns a Local File Inclusion vulnerability via directory traversal. This can be exploited through the "/admin/index.php?module=file editor&file=/../" URI, which allows access to sensitive files.

Recommendations For version 0.9.8.480, as a temporary workaround, consider restricting access to the file editor module in admin/index.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.