CVE-2021-45466 (Design/Logic Flaw)
In CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder...
CVE-2021-45467
In CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/accountnewcreate&acc=guadaapi URI. Any number of %00...
CVE-2021-45467
CWP (Control Web Panel / CentOS Web Panel) is affected by CVE-2021-45467 in versions before 0.9.8.1107. The issue is an unauthenticated null-byte (%00) injection in the scripts parameter of /user/loader.php (and /user/login.php) that can be exploited to register arbitrary API keys or access sensi...
CVE-2021-45466
CVE-2021-45466: In CWP (Control Web Panel/CentOS Web Panel) before 0.9.8.1107, a crafted request to api/?api=add_server&DHCP= can cause an authorized_keys file to be written under /resources/. This is a remote, unauthenticated exploit with high impact. CVE-2021-45467: In the same platform before ...
PT-2022-6101
Name of the Vulnerable Software and Affected Versions: Control Web Panel versions prior to 0.9.8.1147 Description: The issue is related to the login/index.php component in Control Web Panel, which allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login...
Control Web Panel bugs cause remote code execution in Linux servers
Linux Servers at Risk of RCE Due to Critical CWP Bugs
Researchers have discovered two critical bugs in Control Web Panel (CWP), a popular web hosting management software used by 200,000+ servers, that could allow for remote code execution (RCE) as root on vulnerable Linux servers. CWP, formerly known as CentOS Web Panel, is an open-source Linux contro...
Critical Bugs in Control Web Panel Expose Linux Servers to RCE Attacks
Researchers have disclosed details of two critical security vulnerabilities in Control Web Panel that could be abused as part of an exploit chain to achieve pre-authenticated remote code execution on affected servers. Tracked as CVE-2021-45467, the issue concerns a case of a file inclusion...
PT-2022-3945 · Unknown · Control Web Panel
Name of the Vulnerable Software and Affected Versions: Control Web Panel versions prior to 0.9.8.1107 Description: The issue is related to incorrect code generation management in the application. It allows a remote attacker to execute arbitrary code using a specially crafted request. Specifically...
Researchers Warn of Facefish Backdoor Spreading Linux Rootkits
Cybersecurity researchers have disclosed a new backdoor program capable of stealing user login credentials and device information and executing arbitrary commands on Linux systems. The malware dropper has been dubbed "Facefish" by the Qihoo 360 NETLAB team owing to its capabilities to deliver different...
Control Web Panel 0.9.8.864 phpMyAdmin Password Disclosure Vulnerability
Exploit for php platform in category web applications Exploit Title : CWP Control Web Panel phpMyAdmin password access Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage : https://control-webpanel.com/ Software Link : Not available, user panel only...
Control Web Panel 0.9.8.864 phpMyAdmin Password Disclosure
Exploit Title : CWP Control Web Panel phpMyAdmin password access Date : 20 Aug 2019 Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage : https://control-webpanel.com/ Software Link : Not available, user panel only available for latest version Versi...
Control Web Panel Cross-Site Scripting Vulnerability
Control Web Panel is a Linux web hosting control panel. A cross-site scripting vulnerability exists in Control Web Panel version 0.9.8.885, which stems from the lack of proper validation of client-side data by the web application and can be exploited by an attacker to execute client-side code...
CentOS Web Panel elevation of privilege vulnerability (CNVD-2019-32249)
Control Web Panel is a Linux web hosting control panel. An elevation of privilege vulnerability exists in Control Web Panel, which can be exploited by an attacker to upload malicious software using the REST API...
CentOS 7.6.1810 Control Web Panel 0.9.8.837 Cross Site Request Forgery
Cross-Site Request Forgery (CSRF) ==================================================================== Information ==================================================================== Product : CWP Control Web Panel version : 0.9.8.837 Fixed on : 0.9.8.851 Test on : CentOS 7.6.1810 Core Reference :...
CentOS 7.6.1810 Control Web Panel 0.9.8.837 Cross Site Scripting
==================================================================== Information ==================================================================== Product : CWP Control Web Panel version : 0.9.8.837 Fixed on : 0.9.8.851 Test on : CentOS 7.6.1810 Core Reference : https://control-webpanel.com/...
CentOS 7.6.1810 Control Web Panel 0.9.8.837 Cross Site Scripting Vulnerability
Exploit for linux platform in category web applications ==================================================================== Information ==================================================================== Product : CWP Control Web Panel version : 0.9.8.837 Fixed on : 0.9.8.851 Test on : CentOS...