clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management.Referenceshttps://github.com/Andhrimnirr/ClonOS-WEB-control-panel-multi-vulnerabilityhttp://packetstormsecurity.com/files/154986/ClonOs-WEB-UI-19.09-Improper-Access-Control.html
