Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
centos vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-44877
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 prior to 0.9.8.1147 allows remote malicious users to execute arbitrary OS commands via shell metacharacters in the login parameter.
Control-webpanel Webpanel
5 Github repositories
9.8
CVSSv3
CVE-2020-10230
CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter.
Control-webpanel Webpanel -
6.1
CVSSv3
CVE-2018-5961
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file.
Control-webpanel Webpanel
5.4
CVSSv3
CVE-2019-12190
XSS exists in CentOS-WebPanel.com (aka CWP) CentOS Web Panel up to and including 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter.
Control-webpanel Webpanel
6.1
CVSSv3
CVE-2018-5962
index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module.
Control-webpanel Webpanel
6.5
CVSSv3
CVE-2019-14721
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to remove a target user from phpMyAdmin via an attacker account.
Control-webpanel Webpanel 0.9.8.851
4.3
CVSSv3
CVE-2019-14723
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to delete a victim's e-mail account via an attacker account.
Control-webpanel Webpanel 0.9.8.851
4.3
CVSSv3
CVE-2019-14730
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to delete a domain from a victim's account via an attacker account.
Control-webpanel Webpanel 0.9.8.851
5.4
CVSSv3
CVE-2019-14726
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to access and delete DNS records of a victim's account via an attacker account.
Control-webpanel Webpanel 0.9.8.851
4.3
CVSSv3
CVE-2019-14727
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to change the e-mail password of a victim account via an attacker account.
Control-webpanel Webpanel 0.9.8.851
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »