In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
control-webpanel webpanel 0.9.8.836 |