Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
control-webpanel webpanel vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2019-11429
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions > "Add DNS Zone" screen.
Control-webpanel Webpanel 0.9.8.793
Control-webpanel Webpanel 0.9.8.807
Control-webpanel Webpanel 0.9.8.753
1 EDB exploit
8.8
CVSSv3
CVE-2018-18772
CentOS-WebPanel.com (aka CWP) CentOS Web Panel up to and including 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command.
Control-webpanel Webpanel
1 EDB exploit
8.8
CVSSv3
CVE-2018-18773
CentOS-WebPanel.com (aka CWP) CentOS Web Panel up to and including 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.
Control-webpanel Webpanel
1 EDB exploit
6.1
CVSSv3
CVE-2018-18774
CentOS-WebPanel.com (aka CWP) CentOS Web Panel up to and including 0.9.8.740 allows XSS via the admin/index.php module parameter.
Control-webpanel Webpanel
1 EDB exploit
6.5
CVSSv3
CVE-2019-15235
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an malicious user to get a victim's session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to gain access to the ...
Control-webpanel Webpanel
5.4
CVSSv3
CVE-2019-12190
XSS exists in CentOS-WebPanel.com (aka CWP) CentOS Web Panel up to and including 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter.
Control-webpanel Webpanel
9.8
CVSSv3
CVE-2022-44877
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 prior to 0.9.8.1147 allows remote malicious users to execute arbitrary OS commands via shell metacharacters in the login parameter.
Control-webpanel Webpanel
5 Github repositories
4.8
CVSSv3
CVE-2019-7646
CentOS-WebPanel.com (aka CWP) CentOS Web Panel up to and including 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter.
Control-webpanel Webpanel
1 EDB exploit
1 Github repository
9.8
CVSSv3
CVE-2022-25046
A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows malicious users to execute arbitrary code via a crafted POST request.
Control-webpanel Webpanel
6.1
CVSSv3
CVE-2018-5961
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file.
Control-webpanel Webpanel
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36954
CVE-2024-36933
CVE-2024-24919
CVE-2024-36923
CVE-2024-2961
CVE-2024-36925
bypass
encryption
command injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »