CVE-2019-13359

HIGH

Webpanel - Unrestricted File Upload

Title source: rule

Description

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.

Exploits (1)

exploitdb WRITEUP

by Pongtorn Angsuchotmetee_ Nissana Sirijirakal_ Narin Boonwasanarak · textwebappslinux

https://www.exploit-db.com/exploits/47124

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13359.md

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/153666/CentOS-Control-Web-Panel-0.9.8.836-Privilege-Escalation.html

Scores

CVSS v3 7.5

EPSS 0.0939

EPSS Percentile 92.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

control-webpanel/webpanel 0.9.8.836

Published Jul 16, 2019

Tracked Since Feb 18, 2026