Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to gain access to the victim's password (for the OS and phpMyAdmin) via an attacker account. This is different from CVE-2019-14782.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CentOS Web Panel 日志信息泄露漏洞
Vulnerability Description
CentOS Web Panel(CWP)是一款免费的虚拟主机控制面板。 CentOS Web Panel 0.9.8.864版本中存在安全漏洞。攻击者可利用该漏洞泄露密码。
CVSS Information
N/A
Vulnerability Type
N/A