Back to CVE Browser

CVE-2019-18418

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1940%

EPSS Percentile19.51th

PublishedOct 24, 2019

Last ModifiedNov 21, 2024

Vulnerability Description

clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management.

Affected Platforms (CPE)

💻

Clonos

Clonos

= 19.09

References & Advisories

🔗 http://packetstormsecurity.com/files/154986/ClonOs-WEB-UI-19.09-Improper-Access-Control.html

🔗 https://github.com/Andhrimnirr/ClonOS-WEB-control-panel-multi-vulnerability

🔗 http://packetstormsecurity.com/files/154986/ClonOs-WEB-UI-19.09-Improper-Access-Control.html

🔗 https://github.com/Andhrimnirr/ClonOS-WEB-control-panel-multi-vulnerability

Related Vulnerabilities

CVE-2019-155719.8

The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php.

CVE-2019-184196.1

A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitr...

CVE-2019-954810.0

Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control.

CVE-2019-1215310.0

Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access netw...