CyberSec.Space Logo
Back to CVE Browser

CVE-2019-18418

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1940%
EPSS Percentile19.51th
PublishedOct 24, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management.

Affected Platforms (CPE)

πŸ’»
Clonos

Clonos

= 19.09

References & Advisories

πŸ”— http://packetstormsecurity.com/files/154986/ClonOs-WEB-UI-19.09-Improper-Access-Control.html
πŸ”— https://github.com/Andhrimnirr/ClonOS-WEB-control-panel-multi-vulnerability
πŸ”— http://packetstormsecurity.com/files/154986/ClonOs-WEB-UI-19.09-Improper-Access-Control.html
πŸ”— https://github.com/Andhrimnirr/ClonOS-WEB-control-panel-multi-vulnerability

Related Vulnerabilities

CVE-2019-155719.8

The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php.

CVE-2019-184196.1

A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitr...

CVE-2019-390510.0

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.

CVE-2019-002010.0

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full contr...