CVE-2019-18418

CRITICAL

ClonOS WEB control panel 19.09 - RCE

Title source: llm

Description

clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management.

Exploits (1)

exploitdb WORKING POC
by İbrahim Hakan Şeker · python · webapps · php
https://www.exploit-db.com/exploits/47544

Scores

CVSS v3 9.8
EPSS 0.1056
EPSS Percentile 93.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-384
Status published
Products (1)
clonos/clonos 19.09
Published Oct 24, 2019
Tracked Since Feb 18, 2026