Skip to main content

Clonos

3 CVEs product

Monthly

CVE-2019-18418 CRITICAL POC Act Now

clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Session Fixation Information Disclosure Clonos
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
4.0%
CVE-2019-18419 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Clonos
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-15571 CRITICAL PATCH Act Now

The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Clonos
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Session Fixation Information Disclosure +1
NVD GitHub Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Clonos
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Clonos
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy