CVE-2019-14727

Name of the Vulnerable Software and Affected Versions CentOS Web Panel version 0.9.8.851

Description The issue allows an attacker to change the e-mail password of a victim account via an attacker account due to an insecure object reference. This is caused by insufficient input validation, which can be exploited by a remote attacker to modify a user's email password.

Recommendations For version 0.9.8.851, consider restricting access to the email password change functionality until a patch is available. As a temporary workaround, monitor user account activity closely to detect potential unauthorized changes to email passwords. At the moment, there is no information about a newer version that contains a fix for this vulnerability.