PT-2019-4295 · Centos · Centos Web Panel
Published 2019-10-25 · Updated 2023-01-24 · CVE-2019-16295
CVSS v3.1: 4.6 (Medium)
Vector: AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
CentOS Web Panel version 0.9.8.885
Description
The filemanager2.php component does not sanitize the file names it renders into the file manager page, so attacker-controlled HTML or JavaScript is interpreted by the victim's browser (cross-site scripting). The payload is delivered through the cmd_arg parameter of filemanager2.php: a local attacker (a user with an account on the host, hence AV:L in the vector) creates a file with a crafted name in a directory, and when the victim opens that directory in the file manager (UI:R) the name is emitted unescaped and the script runs in the victim's panel session. The scope is marked changed because the code executes in the victim's browser rather than in the attacker's own account.
Recommendations
For version 0.9.8.885, restrict access to the filemanager2.php component (for example to trusted administrator addresses) until a fix is available, and avoid passing untrusted file names through the cmd_arg parameter in sensitive operations. As a temporary workaround, restrict directory access so that unprivileged local users cannot create files in directories that panel administrators browse with the file manager. Any fix in the component itself must HTML-encode file names and the cmd_arg value at the point where they are written into the page.
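The vulnerable rendering pattern and its fix, as an added example. This is illustrative code written for this page, not the source of CWP's filemanager2.php: the function names, the way the listing builds a cmd_arg link, and the crafted file name are all assumptions and constructed sample input. It shows why sanitizing on input is not enough and why the name must be encoded for each context (URL query, HTML attribute, HTML text) it lands in.

```php
<?php
// Illustrative example only (not CWP code). Constructed sample input: a file
// name that a local attacker could create in a directory the victim later opens.
$craftedName = '<img src=x onerror=alert(document.cookie)>.txt';

// Vulnerable: the raw name is concatenated into the markup. The text-node copy
// is parsed by the browser as an <img> element whose onerror handler runs;
// a name containing a double quote would also break out of the href attribute.
function render_entry_vulnerable(string $name): string
{
    return '<a href="filemanager2.php?cmd_arg=' . $name . '">' . $name . '</a>';
}

// Hardened: encode for the context. rawurlencode() for the query-string value,
// htmlspecialchars() with ENT_QUOTES for the attribute and for the visible text.
// The name is still displayed faithfully; it just cannot change the page structure.
function render_entry_safe(string $name): string
{
    $href = 'filemanager2.php?cmd_arg=' . rawurlencode($name);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '">'
         . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8')
         . '</a>';
}

// The same rule applies when the component echoes the cmd_arg value it received
// back to the user (status messages, confirmation dialogs, error text).
function status_message(string $cmdArg): string
{
    return 'Selected: ' . htmlspecialchars($cmdArg, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

echo render_entry_vulnerable($craftedName), "\n";
echo render_entry_safe($craftedName), "\n";
echo status_message($_GET['cmd_arg'] ?? $craftedName), "\n";
```

Run it with `php example.php` and open the first output line in a browser to see the handler fire; the second and third lines show the same name rendered as inert text. Restricting which characters a file name may contain on input is a useful extra control but does not replace output encoding, since names already on disk (and names created outside the panel) never pass through that filter.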
Weakness Enumeration
XSS (cross-site scripting)
Related Identifiers
CVE-2019-16295
Affected Products
Centos Web Panel