PT-2019-4363 · Centos · Centos Web Panel

Narin Boonwasanarak +2 · Published 2019-07-06 · Updated 2023-01-24 · CVE-2019-13359

CVSS v2.0

8.5 High

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

CentOS Web Panel version 0.9.8.836

Description

The issue involves the cwpsrv-xxx cookie, which allows a normal user to upload a session file to the /tmp directory and use it to gain root user privileges. The underlying weakness is an unrestricted upload of a file with a dangerous type. Exploitation of this issue can allow a remote attacker to elevate their privileges to the root level.

Recommendations

For version 0.9.8.836, as a temporary workaround, consider restricting access to the cwpsrv-xxx cookie until a patch is available. Additionally, restrict file uploads to the /tmp directory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2020-00084
CVE-2019-13359

Affected Products

Centos Web Panel