Remote Command Execution in CentOS Web Panel by CentOS-WebPanel.com
CVE-2019-13386

8.8HIGH

Key Information:

Vendor

Centos-webpanel

Status
Centos Web Panel
Vendor
CVE Published:
26 July 2019

What is CVE-2019-13386?

In CentOS Web Panel version 0.9.8.846, a hidden feature in the file manager allows unauthorized users to execute arbitrary shell commands. This vulnerability enables attackers to gain a reverse shell with user privileges, which may lead to further exploitation of the system. It is crucial for users to update their installations to mitigate these security risks.

References

https://centos-webpanel.com/changelog-cwp7
x_refsource_MISC
https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-...
x_refsource_MISC
http://packetstormsecurity.com/files/153876/CentOS-Contro...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2019-13386 : Remote Command Execution in CentOS Web Panel by CentOS-WebPanel.com