Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
centos web panel vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-44877
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 prior to 0.9.8.1147 allows remote malicious users to execute arbitrary OS commands via shell metacharacters in the login parameter.
Control-webpanel Webpanel
5 Github repositories
NA
CVE-2021-45466
In CWP (aka Control Web Panel or CentOS Web Panel) prior to 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder.
Control-webpanel Webpanel
NA
CVE-2021-45467
In CWP (aka Control Web Panel or CentOS Web Panel) prior to 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/account_new_create&acc=gu...
Control-webpanel Webpanel
10
CVSSv2
CVE-2021-31316
The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter.
Control-webpanel Webpanel -
10
CVSSv2
CVE-2021-31324
The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root Remote Code Execution.
Control-webpanel Webpanel -
10
CVSSv2
CVE-2020-15420
This vulnerability allows remote malicious users to execute arbitrary code on affected installations of CentOS Web Panel cwp-el7-0.9.8.891. Authentication is not required to exploit this vulnerability. The specific flaw exists within loader_ajax.php. When parsing the line paramet...
Control-webpanel Webpanel 0.9.8.891
10
CVSSv2
CVE-2020-15422
This vulnerability allows remote malicious users to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the archiv...
Control-webpanel Webpanel 0.9.8.923
10
CVSSv2
CVE-2020-15427
This vulnerability allows remote malicious users to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_disk_usage.php. When parsing the folderNa...
Control-webpanel Webpanel 0.9.8.923
10
CVSSv2
CVE-2020-15428
This vulnerability allows remote malicious users to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the line paramete...
Control-webpanel Webpanel 0.9.8.923
10
CVSSv2
CVE-2020-15430
This vulnerability allows remote malicious users to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the usern...
Control-webpanel Webpanel 0.9.8.923
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »