CVE-2019-13360
published 2019-07-16


Priority P274 · critical · 9.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT · EPSS 24.45% (97.6th percentile)
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username.

Affected (1 range)

Vendor            Product   Version range   Fixed in
control-webpanel  webpanel

Detection & IOCs (extracted from sources)

IOC (other): ||//theme/original
  • Authentication bypass is triggered by submitting a valid username with an invalid password, then replacing the session token/cookie value in the HTTP response body with a base64-encoded string containing the pattern '<username>||//theme/original'.
  • Monitor HTTP responses to the CWP login endpoint for client-side manipulation of the response-body token value, in particular base64-encoded strings containing the '||//theme/original' pattern, which indicates an active exploitation attempt.
  • Affected versions are CentOS Web Panel 0.9.8.836 and 0.9.8.837; flag any login session on these versions that succeeds despite an initially invalid password submission.
  • The authentication bypass requires the attacker to already know a valid username on the target system; without a valid username the exploit cannot be performed.
  • The token/response value format varies by CWP version; for versions 0.9.8.838–0.9.8.846 (CVE-2019-13605) the attacker must first capture a valid token from a controlled environment rather than constructing the '||//theme/original' base64 string.
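A defender-side check for the IOC above, added here as an example (not code from the page or from CWP): it decodes token values found in login-response or proxy log lines and flags any that carry the '||//theme/original' marker, reporting the username in front of it. The log layout, the `token=` field name and the `/login/` path are assumptions; the sample lines are constructed.

```python
import base64
import binascii
import re
from typing import Optional

# Marker the page lists as the IOC for the CWP login bypass (CVE-2019-13360).
BYPASS_MARKER = "||//theme/original"
TOKEN_RE = re.compile(r"token=([A-Za-z0-9+/=]+)")
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+")  # timestamp, client ip (assumed layout)

def decode_token(token: str) -> Optional[str]:
    """Best-effort base64 decode; returns None when the value is not valid base64."""
    padded = token + "=" * (-len(token) % 4)  # tolerate stripped padding
    try:
        return base64.b64decode(padded).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None

def bypass_username(token: str) -> Optional[str]:
    """Return the username if the token (raw or base64) carries the marker, else None."""
    decoded = token if BYPASS_MARKER in token else decode_token(token)
    if decoded is None or BYPASS_MARKER not in decoded:
        return None
    return decoded.split(BYPASS_MARKER, 1)[0]

def find_bypass_attempts(lines):
    """Scan log lines for token values that decode to '<user>||//theme/original'."""
    hits = []
    for line in lines:
        m = TOKEN_RE.search(line)
        if not m:
            continue
        user = bypass_username(m.group(1))
        if user is not None:
            head = LINE_RE.match(line)
            hits.append({"ip": head.group(2) if head else "?", "user": user})
    return hits

# Constructed sample log lines (hypothetical layout). The forged token is built
# from the page's own pattern so the detector has a positive case to match.
FORGED = base64.b64encode(b"admin||//theme/original").decode()
BENIGN = base64.b64encode(b"sid:8f3a9c1e").decode()
SAMPLE_LOGS = [
    f"2019-07-20T10:01:02Z 203.0.113.5 POST /login/ user=admin status=200 token={BENIGN}",
    f"2019-07-20T10:01:09Z 203.0.113.5 POST /login/ user=admin status=200 token={FORGED}",
    "2019-07-20T10:02:00Z 198.51.100.7 GET /index.php status=302",
]

if __name__ == "__main__":
    for hit in find_bypass_attempts(SAMPLE_LOGS):
        print(f"possible CVE-2019-13360 bypass: user={hit['user']} from {hit['ip']}")
```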

CVSS provenance

nvd  v3.0  9.8  CRITICAL  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd  v2.0  7.5  HIGH      AV:N/AC:L/Au:N/C:P/I:P/A:P