CVE-2019-14721 - In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an

CVE-2019-14721

Summary

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account.

References

https://packetstormsecurity.com/files/154404/Control-Web-Panel-0.9.8.851-Privilege-Escalation.html
https://centos-webpanel.com/changelog-cwp7
https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-14721.md

Vulnerable Configurations

cpe:2.3:a:control-webpanel:webpanel:0.9.8.851:*:*:*:*:*:*:*
cpe:2.3:a:control-webpanel:webpanel:0.9.8.851:*:*:*:*:*:*:*

CVSS

Base:	5.5 (as of 24-01-2023 - 18:57)
Impact:
Exploitability:

CWE

CWE-639

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:P/A:P

refmap via4

misc

https://centos-webpanel.com/changelog-cwp7
https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-14721.md
https://packetstormsecurity.com/files/154404/Control-Web-Panel-0.9.8.851-Privilege-Escalation.html

Last major update

24-01-2023 - 18:57

Published

10-09-2019 - 16:15

Last modified

24-01-2023 - 18:57