CVE-2018-18773

EPSS 3.4%

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.

Affected products

n/a · n/a

public PoCs found — 4

cve_referencepacketstormsecurity.com/files/150169/CentOS-Web-Panel-0.9.8.740-Root-Account-Takeover-Command-Execution.htmlunverified cve_referencepacketstormsecurity.com/files/150169/CentOS-Web-Panel-0.9.8.740-XSS-CSRF-Code-Execution.htmlunverified cve_referencewww.exploit-db.com/exploits/45822/unverified exploitdbwww.exploit-db.com/exploits/45822unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/150169/CentOS-Web-Panel-0.9.8.740-Root-Account-Takeover-Command-Execution.html http://packetstormsecurity.com/files/150169/CentOS-Web-Panel-0.9.8.740-XSS-CSRF-Code-Execution.html https://www.exploit-db.com/exploits/45822/