CVE-2020-15622 (centos_web_panel)

Posted by Cyberthreat Blog | Aug 3, 2020 | CVE Validated | 0 |

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the search parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9712.

CVE-2020-15622 (centos_web_panel)

About The Author

Cyberthreat Blog

Share This

Share This

CVE-2020-15622 (centos_web_panel)

About The Author

Cyberthreat Blog

Related Posts

CVE-2017-12129 (edr-810_firmware)

CVE-2000-0803 (groff)

CVE-2016-5612 (enterprise_linux_desktop, enterprise_linux_eus, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_tus, enterprise_linux_workstation, mariadb, mysql)

CVE-2016-2391 (debian_linux, qemu, ubuntu_linux)

Share This

Share This