PT-2019-13304 · Centos · Centos Web Panel

Narin Boonwasanarak +2 · Published 2019-07-26 · Updated 2023-01-24 · CVE-2019-13385

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.840

Description: The issue allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log, potentially exposing file and directory information.

Recommendations: For version 0.9.8.840, consider restricting access to the /tmp/login.log file to minimize the risk of exploitation. As a temporary workaround, restrict access to the filemanager module to prevent attackers from enumerating users and checking for active users.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2019-13385

Affected Products: Centos Web Panel