
centos-control-web-panel-cve's Introduction

CentOS Control Web Panel (version 0.9.8.836 - 0.9.8.847)

On June 29, 2019 our team started looking for vulnerabilities in CentOS Control Web Panel (CWP) version 0.9.8.836, and we found several critical vulnerabilities. Some of the vulnerabilities we found can be chained to compromise the server, escalating from an anonymous user to root. After our team reported them to CWP, they responded quickly.

Finally, all of the vulnerabilities mentioned here have been fixed in CWP version 0.9.8.848 (CVE-2019-133xx) and version 0.9.8.866 (CVE-2019-142xx).


" This repository is purely intended for educational and research purposes only. We do NOT want anyone to use any information from this repository to attack or do illegal things (refer to the laws in your country). Therefore, any actions and/or activities related to the materials from this repository are solely your responsibility. If you don't agree, you are not allowed to access this repository; leave this repository immediately "


Vulnerabilities List

CVE-2019-13359 - Root Privilege Escalation

CVE-2019-13360 - User panel login bypass #1

CVE-2019-13605 - User panel login bypass #2

CVE-2019-13383 - User Enumeration via HTTP response message

CVE-2019-13385 - Active User Enumeration via login.log

CVE-2019-13386 - Remote Command Execution

CVE-2019-13387 - Reflected Cross Site Scripting

CVE-2019-14245 - Arbitrary database dropping

CVE-2019-14246 - Reset other users' phpMyAdmin passwords

CVE-2019-13599 - User enumeration through HTTP response time

CVE-2019-13476 - Stored Cross Site Scripting through New Mail Box

CVE-2019-13477 - CSRF through New Mail Box to change the root user's password

CVE-2019-XXXXX Coming soon...


The software is separated into two parts, the root panel and the user panel. If you try to install an older version by changing the software version in the installation script, you will get the previous version of the root panel, but the user panel is only available in the latest version (a specific version cannot be selected for download).


Discovered by

Pongtorn Angsuchotmetee
Nissana Sirijirakal
Narin Boonwasanarak
