CVE-2019-13383

MEDIUM

Webpanel - Information Disclosure

Title source: rule
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-13383. PoCs published by Pongtorn Angsuchotmetee_ Nissana Sirijirakal_ Narin Boonwasanarak.

AI-analyzed exploit summary This is a writeup detailing a user enumeration vulnerability in CWP (CentOS Control Web Panel) versions 0.9.8.836 to 0.9.8.847. The vulnerability allows attackers to determine valid usernames by analyzing HTTP response messages.

Description

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response.

Exploits (1)

exploitdb WRITEUP
by Pongtorn Angsuchotmetee_ Nissana Sirijirakal_ Narin Boonwasanarak · textwebappslinux
https://www.exploit-db.com/exploits/47125

This is a writeup detailing a user enumeration vulnerability in CWP (CentOS Control Web Panel) versions 0.9.8.836 to 0.9.8.847. The vulnerability allows attackers to determine valid usernames by analyzing HTTP response messages.

Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: CWP (CentOS Control Web Panel) < 0.9.8.848
No auth needed
Prerequisites: Network access to the target CWP instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 5.3
EPSS 0.1424
EPSS Percentile 96.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-203
Status published
Products (1)
control-webpanel/webpanel 0.9.8.836
Published Jul 16, 2019
Tracked Since Feb 18, 2026