Showing 1 - 1 of 1

CVE-2019-15235

Status Candidate

Overview

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to gain access to the victim's password (for the OS and phpMyAdmin) via an attacker account. This is different from CVE-2019-14782.

Related Files

Control Web Panel 0.9.8.864 phpMyAdmin Password Disclosure: Posted Dec 16, 2019; Authored by Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak; Control Web Panel versions 0.9.8.856 through 0.9.8.864 suffer from a phpMyAdmin password disclosure vulnerability.; tags | exploit, web, info disclosure; advisories | CVE-2019-14782, CVE-2019-15235; SHA-256 | c661bc2925cdd92f9d846c7e14852253f037e5ec12e6ad38447d28372e27afbe; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 217 files
Ubuntu 93 files
Debian 23 files
Gentoo 15 files
tmrswrr 7 files
Amit Roy 4 files
Google Security Research 3 files
Furkan Eren Tetik 3 files
Aslam Anwar Mahimkar 3 files
ron190 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,074)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,515)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,226)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,193)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,628)
UNIX (9,424)
UnixWare (187)
Windows (6,665)
Other

CVE-2019-15235

Overview

Related Files

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems