Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web panel vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2019-10893
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (Pro) is vulnerable to Stored/Persistent XSS for Admin Email fields on the "CWP Settings > "Edit Settings" screen. By changing the email ID to any XSS Payload and c...
Centos-webpanel Centos Web Panel 0.9.8.753
Centos-webpanel Centos Web Panel 0.9.8.793
NA
CVE-2014-2531
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) prior to 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx , ...
Interworx Web Control Panel
1 EDB exploit
10
CVSSv3
CVE-2016-10043
An issue exists in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter in /swms/ms.cgi exists to be vulnerable to OS command injection attacks. It is possible to use the pipe character (|) to inject arbitrary OS commands and retrieve the output in the applicatio...
Mrf Web Panel 9.0.1
1 EDB exploit
NA
CVE-2007-4588
Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users t...
Interworx Web Control Panel 3.0.2
NA
CVE-2007-4589
Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2 (1) allow remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to i...
Interworx Web Control Panel 3.0.2
6.5
CVSSv3
CVE-2019-14245
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to delete databases (such as oauthv2) from the server via an attacker account.
Centos-webpanel Centos Web Panel 0.9.8.851
6.5
CVSSv3
CVE-2019-14246
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account.
Centos-webpanel Centos Web Panel 0.9.8.851
4.8
CVSSv3
CVE-2019-10261
CentOS Web Panel (CWP) 0.9.8.789 is vulnerable to Stored/Persistent XSS for the "Name Server 1" and "Name Server 2" fields via a "DNS Functions" "Edit Nameservers IPs" action.
Centos-webpanel Centos Web Panel 0.9.8.789
1 EDB exploit
9.8
CVSSv3
CVE-2020-15609
This vulnerability allows remote malicious users to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the service_s...
Centos-webpanel Centos Web Panel 17.0.9.8.923
8.8
CVSSv3
CVE-2019-13386
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows malicious users to execute a shell command, i.e., obtain a reverse shell with user privilege.
Centos-webpanel Centos Web Panel 0.9.8.846
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »