Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
control-webpanel webpanel vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-31324
The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root Remote Code Execution.
Control-webpanel Webpanel -
6.5
CVSSv3
CVE-2019-15235
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an malicious user to get a victim's session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to gain access to the ...
Control-webpanel Webpanel
9.8
CVSSv3
CVE-2022-44877
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 prior to 0.9.8.1147 allows remote malicious users to execute arbitrary OS commands via shell metacharacters in the login parameter.
Control-webpanel Webpanel
5 Github repositories
9.8
CVSSv3
CVE-2021-45466
In CWP (aka Control Web Panel or CentOS Web Panel) prior to 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder.
Control-webpanel Webpanel
9.8
CVSSv3
CVE-2021-45467
In CWP (aka Control Web Panel or CentOS Web Panel) prior to 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/account_new_create&acc=gu...
Control-webpanel Webpanel
4.8
CVSSv3
CVE-2019-7646
CentOS-WebPanel.com (aka CWP) CentOS Web Panel up to and including 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter.
Control-webpanel Webpanel
1 EDB exploit
1 Github repository
6.1
CVSSv3
CVE-2018-18774
CentOS-WebPanel.com (aka CWP) CentOS Web Panel up to and including 0.9.8.740 allows XSS via the admin/index.php module parameter.
Control-webpanel Webpanel
1 EDB exploit
5.4
CVSSv3
CVE-2019-13476
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page.
Control-webpanel Webpanel 0.9.8.837
9.8
CVSSv3
CVE-2020-15420
This vulnerability allows remote malicious users to execute arbitrary code on affected installations of CentOS Web Panel cwp-el7-0.9.8.891. Authentication is not required to exploit this vulnerability. The specific flaw exists within loader_ajax.php. When parsing the line paramet...
Control-webpanel Webpanel 0.9.8.891
9.8
CVSSv3
CVE-2020-15421
This vulnerability allows remote malicious users to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the check_...
Control-webpanel Webpanel 0.9.8.923
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »