CVE-2018-18323
published 2018-10-15CVE-2018-18323: CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../…
PriorityP270high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
70.74%
99.3th percentile
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../ URI.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| control-webpanel | webpanel | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect LFI attempts targeting the file_editor module via directory traversal in the 'file' GET parameter — look for patterns like `module=file_editor&file=/../` or URL-encoded equivalents `%2f..%2f` in requests to /admin/index.php. ↗
- →Detect command injection attempts via GET parameters service_start, service_restart, service_fullstatus, and service_stop — look for semicolons or shell metacharacters injected into these parameters in requests to /admin/index.php. ↗
- →Use Shodan/FOFA queries to identify exposed CWP instances as potential targets: Shodan query `http.title:"login | control webpanel"`, FOFA query `title="login | control webpanel"`. ↗
- →The CWP server identifies itself via the `Server: cwpsrv` response header — use this to fingerprint vulnerable instances in network traffic. ↗
- →Successful LFI exploitation returns file metadata and contents inline in the HTML response body, e.g. 'File info [stats]:' followed by file permissions and 'Contents of File:' — monitor HTTP responses for this pattern. ↗
- →Successful blind command injection is confirmed by a numeric result appearing in a WARNING banner in the HTML response body — monitor for `WARNING! <number>` patterns in responses to /admin/index.php service_* parameter requests. ↗
- ·The exploit was tested on CentOS 7 with CWP version 0.9.8.480 specifically; other versions may not be vulnerable or may behave differently. ↗
- ·The Nuclei template detection relies on a regex match for `root:[x*]:0:0` in the HTTP 200 response body, meaning detection only fires if /etc/passwd is successfully read — it will not catch failed or partial exploitation attempts. ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Centos Web Panel 0.9.8.480 - Multiple Vulnerabilities
exploitdb·2018-10-15
CVE-2018-18324 Centos Web Panel 0.9.8.480 - Multiple Vulnerabilities
Centos Web Panel 0.9.8.480 - Multiple Vulnerabilities
---
# Exploit Title: Centos Web Panel 0.9.8.480 Multiple Vulnerabilities
# Exploit Author: Seccops - Siber Güvenlik Hizmetleri (https://seccops.com)
# Vendor Homepage: http://centos-webpanel.com/
# Software Link: http://centos-webpanel.com/system-requirements
# Version: 0.9.8.480
# Tested on: Centos 7
# Vulnerability Types: Command Injection, Local File Inclusion, Cross-site Scripting, Frame Injection
# CVE: -
### Vulnerability Name: Command Injection ###
1)
Proof URL: http://localhost:2030/admin/index.php?service_start=opendkim;expr 268409241 - 2;x
Parameter Name: service_start
Parameter Type: GET
Attack Pattern: opendkim%3bexpr+268409241+-+2%3bx
HTTP Request:
GET /admin/index.php?service_start=opendkim%3bexpr%20268409241%20-%202
Nuclei
Centos Web Panel 0.9.8.480 - Local File Inclusion
nuclei·CVSS 7.5
CVE-2018-18323 [HIGH] Centos Web Panel 0.9.8.480 - Local File Inclusion
Centos Web Panel 0.9.8.480 - Local File Inclusion
Centos Web Panel version 0.9.8.480 suffers from local file inclusion vulnerabilities. Other vulnerabilities including cross-site scripting and remote code execution are also known to impact this version.
Template:
id: CVE-2018-18323
info:
name: Centos Web Panel 0.9.8.480 - Local File Inclusion
author: 0x_Akoko
severity: high
description: |
Centos Web Panel version 0.9.8.480 suffers from local file inclusion vulnerabilities. Other vulnerabilities including cross-site scripting and remote code execution are also known to impact this version.
impact: |
Successful exploitation of this vulnerability allows an attacker to read sensitive files on the server.
remediation: |
Upgrade to a patched version of Centos Web Panel.
reference:
- https://
No writeups or analysis indexed.
2018-10-15
Published