WEB control panel
by ClonOS
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-18418 | Cri | 0.67 | 9.8 | 0.04 | Oct 24, 2019 | clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management. | ||
| CVE-2019-18419 | Med | 0.40 | 6.1 | 0.01 | Oct 24, 2019 | A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | ||
| CVE-2019-15571 | Cri | 0.00 | 9.8 | 0.01 | Aug 26, 2019 | The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php. |
- risk 0.67cvss 9.8epss 0.04
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management.
- risk 0.40cvss 6.1epss 0.01
A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
- risk 0.00cvss 9.8epss 0.01
The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php.