Vulnerability Description
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Centos-Webpanel | Centos Web Panel | 0.9.8.851 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/154155/CentOS-Control-Web-Panel-CWP-0.9.8.8ExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/154155/CentOS-WebPanel.com-CentOS-Control-WExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/154155/CentOS-WebPanel.com-Control-Web-PaneExploitThird Party AdvisoryVDB Entry
- https://centos-webpanel.com/changelog-cwp7Release Notes
- http://packetstormsecurity.com/files/154155/CentOS-Control-Web-Panel-CWP-0.9.8.8ExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/154155/CentOS-WebPanel.com-CentOS-Control-WExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/154155/CentOS-WebPanel.com-Control-Web-PaneExploitThird Party AdvisoryVDB Entry
- https://centos-webpanel.com/changelog-cwp7Release Notes
FAQ
What is CVE-2019-14245?
CVE-2019-14245 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account.
How severe is CVE-2019-14245?
CVE-2019-14245 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-14245?
Check the references section above for vendor advisories and patch information. Affected products include: Centos-Webpanel Centos Web Panel.