Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
control-webpanel webpanel vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-15626
This vulnerability allows remote malicious users to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the t...
Control-webpanel Webpanel 0.9.8.923
7.5
CVSSv3
CVE-2020-15627
This vulnerability allows remote malicious users to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing ...
Control-webpanel Webpanel 0.9.8.923
7.5
CVSSv3
CVE-2020-15628
This vulnerability allows remote malicious users to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing ...
Control-webpanel Webpanel 0.9.8.923
5.9
CVSSv3
CVE-2022-25047
The password reset token in CWP v0.9.8.1126 is generated using known or predictable values.
Control-webpanel Webpanel 0.9.8.1126
8.8
CVSSv3
CVE-2022-25048
Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root user.
Control-webpanel Webpanel 0.9.8.1126
7.5
CVSSv3
CVE-2019-13359
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.
Control-webpanel Webpanel 0.9.8.836
1 EDB exploit
4.3
CVSSv3
CVE-2019-13385
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows malicious users to enumerate users and check for active users of the application by reading /tmp/login.log.
Control-webpanel Webpanel 0.9.8.840
6.1
CVSSv3
CVE-2019-13387
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected XSS in filemanager2.php (parameter fm_current_dir) allows malicious users to steal a cookie or session, or redirect to a phishing website.
Control-webpanel Webpanel 0.9.8.846
5.3
CVSSv3
CVE-2019-13599
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows malicious users to check whether a username is valid by comparing response times.
Control-webpanel Webpanel 0.9.8.848
8.8
CVSSv3
CVE-2019-13605
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is diffe...
Control-webpanel Webpanel 0.9.8.836
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »