Insecure Object Reference Vulnerability in CentOS Web Panel 0.9.8.851 Allows Unauthorized Database Deletion

Insecure Object Reference Vulnerability in CentOS Web Panel 0.9.8.851 Allows Unauthorized Database Deletion

CVE-2019-14245 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account.

Learn more about our Cis Benchmark Audit For Centos Linux.