Unauthenticated Remote Access to ClonOS WEB Control Panel via Change Password Requests

Unauthenticated Remote Access to ClonOS WEB Control Panel via Change Password Requests

CVE-2019-18418 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management.

Learn more about our Web App Pen Testing.