Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
control-webpanel webpanel - vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-18324
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the admin/index.php module, service_start, service_fullstatus, service_restart, service_stop, or file (within the file_editor) parameter.
Control-webpanel Webpanel 0.9.8.480
1 EDB exploit
4.3
CVSSv2
CVE-2018-5962
index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module.
Control-webpanel Webpanel
4.3
CVSSv2
CVE-2018-5961
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file.
Control-webpanel Webpanel
4
CVSSv2
CVE-2019-15235
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an malicious user to get a victim's session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to gain access to the ...
Control-webpanel Webpanel
4
CVSSv2
CVE-2019-14782
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 up to and including 0.9.8.864 allows an malicious user to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to make a requ...
Control-webpanel Webpanel
4
CVSSv2
CVE-2019-14725
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to change the e-mail usage value of a victim account via an attacker account.
Control-webpanel Webpanel 0.9.8.851
4
CVSSv2
CVE-2019-14722
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to delete an e-mail forwarding destination from a victim's account via an attacker account.
Control-webpanel Webpanel 0.9.8.851
4
CVSSv2
CVE-2019-14728
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to add an e-mail forwarding destination to a victim's account via an attacker account.
Control-webpanel Webpanel 0.9.8.851
4
CVSSv2
CVE-2019-14730
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to delete a domain from a victim's account via an attacker account.
Control-webpanel Webpanel 0.9.8.851
4
CVSSv2
CVE-2019-14723
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to delete a victim's e-mail account via an attacker account.
Control-webpanel Webpanel 0.9.8.851
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
NEXT »