CVE-2019-13359
28Vexday Risk Score
No sign of exploitation. It has a public proof of concept.
ssvc Attendepss 26%
from disclosure to weapon0 days
Published on NVDJul 16
1st PoCJul 16
exploitation probability
26%top 2% of all CVEs
observed exploitation
nono source reports it
2 public exploit(s)
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/153666/CentOS-Control-Web-Panel-0.9.8.836-Privilege-Escalation.htmlunverifiedexploitdbwww.exploit-db.com/exploits/47124unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.