Pongtorn Angsuchotmetee

28 exploits Active since Mar 2019
CVE-2019-13359 EXPLOITDB HIGH text WRITEUP
Webpanel - Unrestricted File Upload
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.
CVSS 7.5
CVE-2019-13383 EXPLOITDB MEDIUM text WRITEUP
Webpanel - Information Disclosure
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response.
CVSS 5.3
CVE-2019-13605 EXPLOITDB HIGH text WRITEUP
CentOS Web Panel 0.9.8.838-0.9.8.846 - Auth Bypass
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is different from CVE-2019-13360.
CVSS 8.8