PT-2019-3100 · Centos · Centos Web Panel

Published: 2019-08-21 · Updated: 2023-03-03 · CVE-2019-14245

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

CentOS Web Panel version 0.9.8.851

Description

The issue is related to an insecure object reference, which allows an attacker to delete databases, such as oauthv2, from the server via an attacker account. This is due to insufficient access control, enabling a remote attacker to delete arbitrary databases from the server.

Recommendations

For version 0.9.8.851, consider restricting access to database management functions to prevent unauthorized deletion of databases until a patch is available. As a temporary workaround, limit the privileges of attacker accounts to minimize the risk of exploitation.

Exploit

Fix

IDOR

Weakness Enumeration

Related Identifiers

BDU:2019-03083
CVE-2019-14245

Affected Products

Centos Web Panel