Lucene search

K

Webpanel Security Vulnerabilities

cve
cve

CVE-2022-44877

login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login...

9.8CVSS

9.6AI Score

0.974EPSS

2023-01-05 11:15 PM
474
In Wild
cve
cve

CVE-2021-45467

In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/account_new_create&acc=guadaapi URI. Any number of...

9.8CVSS

9.4AI Score

0.003EPSS

2022-12-26 05:15 AM
33
cve
cve

CVE-2021-45466

In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/...

9.8CVSS

9.2AI Score

0.003EPSS

2022-12-26 05:15 AM
26
cve
cve

CVE-2022-25046

A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST...

9.8CVSS

9.4AI Score

0.013EPSS

2022-07-07 12:15 PM
57
3
cve
cve

CVE-2022-25048

Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root...

8.8CVSS

8.8AI Score

0.005EPSS

2022-07-07 12:15 PM
51
6
cve
cve

CVE-2022-25047

The password reset token in CWP v0.9.8.1126 is generated using known or predictable...

5.9CVSS

5.9AI Score

0.001EPSS

2022-07-07 12:15 PM
34
4
cve
cve

CVE-2021-31324

The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root Remote Code...

9.8CVSS

9.8AI Score

0.007EPSS

2021-05-18 08:15 PM
35
cve
cve

CVE-2021-31316

The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST...

9.8CVSS

9.8AI Score

0.003EPSS

2021-05-18 08:15 PM
22
cve
cve

CVE-2020-15621

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the email parameter, the....

7.5CVSS

7.5AI Score

0.007EPSS

2020-07-28 05:15 PM
21
cve
cve

CVE-2020-15622

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the search parameter,...

7.5CVSS

7.5AI Score

0.007EPSS

2020-07-28 05:15 PM
18
cve
cve

CVE-2020-15627

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the account parameter,...

7.5CVSS

7.5AI Score

0.007EPSS

2020-07-28 05:15 PM
24
cve
cve

CVE-2020-15623

This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the archivo parameter, the process.....

9.8CVSS

9.6AI Score

0.012EPSS

2020-07-28 05:15 PM
19
cve
cve

CVE-2020-15628

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the user parameter, the.....

7.5CVSS

7.5AI Score

0.007EPSS

2020-07-28 05:15 PM
20
cve
cve

CVE-2020-15624

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_new_account.php. When parsing the domain parameter, the...

7.5CVSS

7.5AI Score

0.007EPSS

2020-07-28 05:15 PM
21
cve
cve

CVE-2020-15625

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_add_mailbox.php. When parsing the username parameter, the....

7.5CVSS

7.5AI Score

0.007EPSS

2020-07-28 05:15 PM
19
cve
cve

CVE-2020-15626

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the term parameter, the...

7.5CVSS

7.5AI Score

0.007EPSS

2020-07-28 05:15 PM
16
cve
cve

CVE-2020-15610

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the modulo parameter, the process does....

9.8CVSS

9.6AI Score

0.012EPSS

2020-07-28 05:15 PM
38
cve
cve

CVE-2020-15619

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the type parameter, the...

7.5CVSS

7.5AI Score

0.007EPSS

2020-07-28 05:15 PM
31
cve
cve

CVE-2020-15620

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the id parameter, the...

7.5CVSS

7.4AI Score

0.007EPSS

2020-07-28 05:15 PM
22
cve
cve

CVE-2020-15608

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the ai_service parameter, the process....

9.8CVSS

9.6AI Score

0.012EPSS

2020-07-28 05:15 PM
26
cve
cve

CVE-2020-15614

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the cha parameter, the process does...

9.8CVSS

9.6AI Score

0.012EPSS

2020-07-28 05:15 PM
19
cve
cve

CVE-2020-15615

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_ftp_manager.php. The issue results from the lack of proper...

9.8CVSS

9.6AI Score

0.011EPSS

2020-07-28 05:15 PM
28
cve
cve

CVE-2020-15613

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. When parsing the line parameter, the process does....

9.8CVSS

9.6AI Score

0.012EPSS

2020-07-28 05:15 PM
26
cve
cve

CVE-2020-15611

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the service_restart parameter, the...

9.8CVSS

9.6AI Score

0.012EPSS

2020-07-28 05:15 PM
21
cve
cve

CVE-2020-15612

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_ftp_manager.php. When parsing the userLogin parameter, the...

9.8CVSS

9.6AI Score

0.012EPSS

2020-07-28 05:15 PM
23
cve
cve

CVE-2020-15616

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the package parameter,...

7.5CVSS

7.5AI Score

0.007EPSS

2020-07-28 05:15 PM
20
cve
cve

CVE-2020-15617

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the status parameter, the....

7.5CVSS

7.5AI Score

0.007EPSS

2020-07-28 05:15 PM
19
cve
cve

CVE-2020-15618

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the username parameter,...

7.5CVSS

7.5AI Score

0.007EPSS

2020-07-28 05:15 PM
20
cve
cve

CVE-2020-15427

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_disk_usage.php. When parsing the folderName parameter, the...

9.8CVSS

9.6AI Score

0.012EPSS

2020-07-28 05:15 PM
25
cve
cve

CVE-2020-15607

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. When parsing the line parameter, the process does....

9.8CVSS

9.6AI Score

0.012EPSS

2020-07-28 05:15 PM
34
cve
cve

CVE-2020-15426

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_migration_cpanel.php. When parsing the serverip parameter, the...

9.8CVSS

9.6AI Score

0.012EPSS

2020-07-28 05:15 PM
24
cve
cve

CVE-2020-15432

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_migration_cpanel.php. When parsing the filespace parameter, the...

9.8CVSS

9.6AI Score

0.012EPSS

2020-07-28 05:15 PM
22
cve
cve

CVE-2020-15435

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the service_start parameter, the...

9.8CVSS

9.6AI Score

0.012EPSS

2020-07-28 05:15 PM
23
cve
cve

CVE-2020-15429

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the user parameter, the process does not.....

9.8CVSS

9.6AI Score

0.012EPSS

2020-07-28 05:15 PM
21
cve
cve

CVE-2020-15433

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the phpversion parameter, the process.....

9.8CVSS

9.6AI Score

0.012EPSS

2020-07-28 05:15 PM
20
cve
cve

CVE-2020-15606

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. The issue results from the lack of proper...

9.8CVSS

9.6AI Score

0.011EPSS

2020-07-28 05:15 PM
23
cve
cve

CVE-2020-15428

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the line parameter, the process does not.....

9.8CVSS

9.6AI Score

0.012EPSS

2020-07-28 05:15 PM
25
cve
cve

CVE-2020-15430

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the username parameter, the...

9.8CVSS

9.6AI Score

0.012EPSS

2020-07-28 05:15 PM
24
cve
cve

CVE-2020-15431

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the user parameter, the process does not.....

9.8CVSS

9.6AI Score

0.012EPSS

2020-07-28 05:15 PM
20
cve
cve

CVE-2020-15434

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the canal parameter, the process does.....

9.8CVSS

9.6AI Score

0.012EPSS

2020-07-28 05:15 PM
21
cve
cve

CVE-2020-15420

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-el7-0.9.8.891. Authentication is not required to exploit this vulnerability. The specific flaw exists within loader_ajax.php. When parsing the line parameter, the process does not....

9.8CVSS

9.6AI Score

0.012EPSS

2020-07-28 05:15 PM
24
cve
cve

CVE-2020-15421

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the check_ip parameter, the...

9.8CVSS

9.6AI Score

0.012EPSS

2020-07-28 05:15 PM
23
cve
cve

CVE-2020-15422

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the archivo parameter, the process....

9.8CVSS

9.6AI Score

0.012EPSS

2020-07-28 05:15 PM
24
cve
cve

CVE-2020-15424

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the domain parameter, the process.....

9.8CVSS

9.6AI Score

0.012EPSS

2020-07-28 05:15 PM
23
cve
cve

CVE-2020-15423

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the dominio parameter, the process....

9.8CVSS

9.6AI Score

0.012EPSS

2020-07-28 05:15 PM
20
cve
cve

CVE-2020-15425

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. The issue results from the lack of proper...

9.8CVSS

9.6AI Score

0.011EPSS

2020-07-28 05:15 PM
19
cve
cve

CVE-2020-10230

CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term...

9.8CVSS

9.9AI Score

0.005EPSS

2020-03-16 04:15 PM
123
cve
cve

CVE-2019-14782

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to make a request to extract the victim's password (for the.....

6.5CVSS

6.4AI Score

0.001EPSS

2019-12-17 04:15 PM
35
cve
cve

CVE-2019-15235

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to gain access to the victim's password (for the OS and.....

6.5CVSS

6.6AI Score

0.001EPSS

2019-12-17 04:15 PM
20
cve
cve

CVE-2019-16295

Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. This can be exploited by a local attacker who supplies a crafted filename within a directory visited by the...

4.6CVSS

4.3AI Score

0.0004EPSS

2019-10-31 09:15 PM
56
Total number of security vulnerabilities80