Exploitation Summary
EIP tracks 1 public exploit for CVE-2019-18418. PoCs published by İbrahim Hakan Şeker.
AI-analyzed exploit summary: This exploit targets an improper access control vulnerability in ClonOs WEB UI 19.09, allowing unauthorized users to enumerate user accounts and change passwords without authentication.
Description
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management.
Exploits (1)
exploitdb
WORKING POC
by İbrahim Hakan Şeker · python · webapps · php
https://www.exploit-db.com/exploits/47544
Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:
ClonOs WEB UI 19.09
No auth needed
Prerequisites:
Network access to the target ClonOs instance
devstral-2 · analyzed Feb 16, 2026
References (2)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/Andhrimnirr/ClonOS-WEB-control-panel-multi-vulnerability
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/154986/ClonOs-WEB-UI-19.09-Improper-Access-Control.html
Scores
CVSS v3
9.8
EPSS
0.0400
EPSS Percentile
89.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-384
Status
published
Products (1)
clonos/clonos
19.09
Published
Oct 24, 2019
Tracked Since
Feb 18, 2026