PT-2019-13558 · Centos · Centos Web Panel
Published: 2019-08-21 · Updated: 2023-03-03
CVE-2019-14246
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
CentOS Web Panel version 0.9.8.851
Description
An insecure object reference in CentOS Web Panel allows an attacker to discover phpMyAdmin passwords of any user in /etc/passwd via an attacker account.
Recommendations
For version 0.9.8.851, consider restricting access to phpMyAdmin to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the privileges of attacker accounts to prevent them from accessing sensitive information.
Exploit
Fix
IDOR
Affected Products
Centos Web Panel