CVE-2019-13605

HIGH

CentOS Web Panel 0.9.8.838-0.9.8.846 - Auth Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-13605. PoCs published by Pongtorn Angsuchotmetee.

AI-analyzed exploit summary This is a detailed writeup describing an authentication bypass vulnerability in CWP (CentOS Control Web Panel) versions 0.9.8.836 to 0.9.8.846. The exploit involves manipulating the base64-encoded response body to gain unauthorized access to user accounts.

Description

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is different from CVE-2019-13360.

Exploits (1)

exploitdb WRITEUP
by Pongtorn Angsuchotmetee · textwebappslinux
https://www.exploit-db.com/exploits/47123

This is a detailed writeup describing an authentication bypass vulnerability in CWP (CentOS Control Web Panel) versions 0.9.8.836 to 0.9.8.846. The exploit involves manipulating the base64-encoded response body to gain unauthorized access to user accounts.

Classification
Writeup 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: CWP (CentOS Control Web Panel) < 0.9.8.847
No auth needed
Prerequisites: Valid username for the target system · Access to the login page of the vulnerable CWP instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/47123

Scores

CVSS v3 8.8
EPSS 0.1531
EPSS Percentile 96.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-639
Status published
Products (1)
control-webpanel/webpanel 0.9.8.836
Published Jul 16, 2019
Tracked Since Feb 18, 2026