Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
centos web panel vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2019-12190
XSS exists in CentOS-WebPanel.com (aka CWP) CentOS Web Panel up to and including 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter.
Control-webpanel Webpanel
3.5
CVSSv2
CVE-2019-11429
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions > "Add DNS Zone" screen.
Control-webpanel Webpanel 0.9.8.793
Control-webpanel Webpanel 0.9.8.807
Control-webpanel Webpanel 0.9.8.753
1 EDB exploit
3.5
CVSSv2
CVE-2019-10893
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (Pro) is vulnerable to Stored/Persistent XSS for Admin Email fields on the "CWP Settings > "Edit Settings" screen. By changing the email ID to any XSS Payload and c...
Centos-webpanel Centos Web Panel 0.9.8.753
Centos-webpanel Centos Web Panel 0.9.8.793
3.5
CVSSv2
CVE-2019-10261
CentOS Web Panel (CWP) 0.9.8.789 is vulnerable to Stored/Persistent XSS for the "Name Server 1" and "Name Server 2" fields via a "DNS Functions" "Edit Nameservers IPs" action.
Centos-webpanel Centos Web Panel 0.9.8.789
1 EDB exploit
3.5
CVSSv2
CVE-2019-7646
CentOS-WebPanel.com (aka CWP) CentOS Web Panel up to and including 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter.
Control-webpanel Webpanel
1 EDB exploit
1 Github repository
6.8
CVSSv2
CVE-2018-18772
CentOS-WebPanel.com (aka CWP) CentOS Web Panel up to and including 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command.
Control-webpanel Webpanel
1 EDB exploit
6.8
CVSSv2
CVE-2018-18773
CentOS-WebPanel.com (aka CWP) CentOS Web Panel up to and including 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.
Control-webpanel Webpanel
1 EDB exploit
4.3
CVSSv2
CVE-2018-18774
CentOS-WebPanel.com (aka CWP) CentOS Web Panel up to and including 0.9.8.740 allows XSS via the admin/index.php module parameter.
Control-webpanel Webpanel
1 EDB exploit
7.5
CVSSv2
CVE-2018-18322
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php service_start, service_restart, service_fullstatus, or service_stop parameter.
Control-webpanel Webpanel 0.9.8.480
1 EDB exploit
5
CVSSv2
CVE-2018-18323
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../ URI.
Control-webpanel Webpanel 0.9.8.480
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
NEXT »