Pongtorn Angsuchotmetee

31 exploits Active since Mar 2019
CVE-2024-53582 EXPLOITDB HIGH text WORKING POC
OpenPanel 0.3.4 - Path Traversal via File Manager Copy and View Functions
An issue found in the Copy and View functions in the File Manager component of OpenPanel v0.3.4 allows attackers to execute a directory traversal via a crafted HTTP request.
CVSS 7.5
CVE-2024-53584 EXPLOITDB CRITICAL text WORKING POC
OpenPanel v0.3.4 - OS Command Injection via Timezone Parameter
OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone parameter.
CVSS 9.8
CVE-2024-53537 EXPLOITDB CRITICAL text WORKING POC
openpanel 0.2.1-0.3.4 - Path Traversal in File Manager File Actions
An issue in OpenPanel v0.3.4 to v0.2.1 allows attackers to execute a directory traversal in File Actions of File Manager.
CVSS 9.1
CVE-2019-13359 EXPLOITDB HIGH text WRITEUP
Webpanel - Unrestricted File Upload
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.
CVSS 7.5
CVE-2019-13383 EXPLOITDB MEDIUM text WRITEUP
Webpanel - Information Disclosure
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response.
CVSS 5.3
CVE-2019-13605 EXPLOITDB HIGH text WRITEUP
CentOS Web Panel 0.9.8.838-0.9.8.846 - Auth Bypass
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is different from CVE-2019-13360.
CVSS 8.8