CVE-2019-14727 - In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an

CVE-2019-14727

Summary

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail password of a victim account via an attacker account.

References

https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-14727.md
https://packetstormsecurity.com/files/154404/Control-Web-Panel-0.9.8.851-Privilege-Escalation.html
https://centos-webpanel.com/changelog-cwp7

Vulnerable Configurations

cpe:2.3:a:control-webpanel:webpanel:0.9.8.851:*:*:*:*:*:*:*
cpe:2.3:a:control-webpanel:webpanel:0.9.8.851:*:*:*:*:*:*:*

CVSS

Base:	4.0 (as of 24-01-2023 - 18:57)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:P/A:N

refmap via4

misc

https://centos-webpanel.com/changelog-cwp7
https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-14727.md
https://packetstormsecurity.com/files/154404/Control-Web-Panel-0.9.8.851-Privilege-Escalation.html

Last major update

24-01-2023 - 18:57

Published

10-09-2019 - 16:15

Last modified

24-01-2023 - 18:57