ID:1454 - Exploit for Permissions, Privileges, and Access Controls in ClonOS - CVE-2019-18418

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:1454 - Exploit for Permissions, Privileges, and Access Controls in ClonOS - CVE-2019-18418

ID:1454 - Exploit for Permissions, Privileges, and Access Controls in ClonOS - CVE-2019-18418

Published: March 18, 2020


Vulnerability identifier: #VU22302
Vulnerability risk: High
CVE-ID: CVE-2019-18418
CWE-ID: CWE-264
Exploitation vector: Remote access
Vulnerable software:
ClonOS

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to missing session management in the "clonos.php" file. A remote attacker can change password requests and gain full access to the target system.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.