Unrated severityNVD Advisory· Published Dec 17, 2019· Updated Aug 5, 2024
CVE-2019-14782
CVE-2019-14782
Description
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to make a request to extract the victim's password (for the OS and phpMyAdmin) via an attacker account.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- CentOS-WebPanel.com/CentOS Web Paneldescription
- Range: 0.9.8.856 - 0.9.8.864
Patches
Vulnerability mechanics
References
2- centos-webpanel.com/changelog-cwp7mitrex_refsource_MISC
- packetstormsecurity.com/files/155676/Control-Web-Panel-0.9.8.864-phpMyAdmin-Password-Disclosure.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.