Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
control-webpanel webpanel vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-15613
This vulnerability allows remote malicious users to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. When parsing the line par...
Control-webpanel Webpanel 0.9.8.923
9.8
CVSSv3
CVE-2020-15614
This vulnerability allows remote malicious users to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the cha parame...
Control-webpanel Webpanel 0.9.8.923
9.8
CVSSv3
CVE-2020-10230
CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter.
Control-webpanel Webpanel -
9.8
CVSSv3
CVE-2019-13360
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username.
Control-webpanel Webpanel 0.9.8.836
1 EDB exploit
9.8
CVSSv3
CVE-2018-18322
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php service_start, service_restart, service_fullstatus, or service_stop parameter.
Control-webpanel Webpanel 0.9.8.480
1 EDB exploit
8.8
CVSSv3
CVE-2022-25048
Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root user.
Control-webpanel Webpanel 0.9.8.1126
8.8
CVSSv3
CVE-2019-13477
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function allows an malicious user to change the password for the root account.
Control-webpanel Webpanel 0.9.8.837
8.8
CVSSv3
CVE-2019-13605
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is diffe...
Control-webpanel Webpanel 0.9.8.836
1 EDB exploit
8.8
CVSSv3
CVE-2018-18772
CentOS-WebPanel.com (aka CWP) CentOS Web Panel up to and including 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command.
Control-webpanel Webpanel
1 EDB exploit
8.8
CVSSv3
CVE-2018-18773
CentOS-WebPanel.com (aka CWP) CentOS Web Panel up to and including 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.
Control-webpanel Webpanel
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »