CVE-2019-13386 – CentOS-WebPanel.com Control Web Panel 0.9.8.836 Remote Command Execution
https://notcve.org/view.php?id=CVE-2019-13386
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege. En CentOS Web Panel de CentOS-WebPanel.com (también se conoce como CWP) versión 0.9.8.846, una característica action=9 oculta en el archivo filemanager2.php, permite a los atacantes ejecutar un comando de shell, es decir, obtener un shell inverso con privilegios de usuario. CentOS-WebPanel.com Control Web Panel (CWP) version 0.9.8.836 suffers from a remote command execution vulnerability. • http://packetstormsecurity.com/files/153876/CentOS-Control-Web-Panel-0.9.8.836-Remote-Command-Execution.html https://centos-webpanel.com/changelog-cwp7 https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13386.md • CWE-863: Incorrect Authorization •