Описание
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account.
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-14245
- https://centos-webpanel.com/changelog-cwp7
- http://packetstormsecurity.com/files/154155/CentOS-Control-Web-Panel-CWP-0.9.8.851-Arbitrary-Database-Drop.html
- http://packetstormsecurity.com/files/154155/CentOS-WebPanel.com-CentOS-Control-Web-Panel-CWP-0.9.8.851-Arbitrary-Database-Drop.html
- http://packetstormsecurity.com/files/154155/CentOS-WebPanel.com-Control-Web-Panel-CWP-0.9.8.851-Arbitrary-Database-Drop.html
Связанные уязвимости
CVSS3: 6.5
nvd
больше 6 лет назад
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account.
CVSS3: 6.5
fstec
больше 6 лет назад
Уязвимость приложения для управления серверами CentOS Web Panel, связанная с недостатками разграничения доступа, позволяющая нарушителю удалять произвольные базы данных с сервера