Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
centos vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-44877
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 prior to 0.9.8.1147 allows remote malicious users to execute arbitrary OS commands via shell metacharacters in the login parameter.
Control-webpanel Webpanel
5 Github repositories
7.5
CVSSv2
CVE-2020-10230
CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter.
Control-webpanel Webpanel -
4.3
CVSSv2
CVE-2018-5961
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file.
Control-webpanel Webpanel
3.5
CVSSv2
CVE-2019-12190
XSS exists in CentOS-WebPanel.com (aka CWP) CentOS Web Panel up to and including 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter.
Control-webpanel Webpanel
4.3
CVSSv2
CVE-2018-5962
index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module.
Control-webpanel Webpanel
5.5
CVSSv2
CVE-2019-14721
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to remove a target user from phpMyAdmin via an attacker account.
Control-webpanel Webpanel 0.9.8.851
4
CVSSv2
CVE-2019-14723
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to delete a victim's e-mail account via an attacker account.
Control-webpanel Webpanel 0.9.8.851
4
CVSSv2
CVE-2019-14730
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to delete a domain from a victim's account via an attacker account.
Control-webpanel Webpanel 0.9.8.851
4
CVSSv2
CVE-2019-14727
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to change the e-mail password of a victim account via an attacker account.
Control-webpanel Webpanel 0.9.8.851
5.5
CVSSv2
CVE-2019-14729
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to delete a sub-domain from a victim's account via an attacker account.
Control-webpanel Webpanel 0.9.8.851
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »