返回 CVE 浏览器

CVE-2019-18418

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1940%

EPSS Percentile19.51th

Published2019年10月24日

Last Modified2024年11月21日

Vulnerability Description

clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management.

Affected Platforms (CPE)

💻

Clonos

Clonos

= 19.09

References & Advisories

🔗 http://packetstormsecurity.com/files/154986/ClonOs-WEB-UI-19.09-Improper-Access-Control.html

🔗 https://github.com/Andhrimnirr/ClonOS-WEB-control-panel-multi-vulnerability

🔗 http://packetstormsecurity.com/files/154986/ClonOs-WEB-UI-19.09-Improper-Access-Control.html

🔗 https://github.com/Andhrimnirr/ClonOS-WEB-control-panel-multi-vulnerability

相关漏洞威胁

CVE-2019-155719.8

The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php.

CVE-2019-184196.1

A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitr...

CVE-2019-390510.0

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.

CVE-2019-623510.0

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12...