134 matches found

Prion
added 2022/12/26 5:15 a.m. · 36 views

Design/Logic Flaw

In CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder...

CVSS 7.5 · AI score 9.2 · EPSS 0.70947
Exploits: 2 · References: 2 · Affected Software: 1

Vulnrichment
added 2022/12/26 12:0 a.m. · 8 views

CVE-2021-45466

In CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder...

AI score 6.8 · EPSS 0.70947
Exploits: 2 · References: 2

Vulnrichment
added 2022/12/26 12:0 a.m. · 6 views

CVE-2021-45467

In CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/accountnewcreate&acc=guadaapi URI. Any number of %00...

AI score 7.2 · EPSS 0.70947
Exploits: 1 · References: 2

CVE
added 2022/12/26 12:0 a.m. · 99 views

CVE-2021-45467

CWP (Control Web Panel / CentOS Web Panel) is affected by CVE-2021-45467 in versions before 0.9.8.1107. The issue is an unauthenticated null-byte (%00) injection in the scripts parameter of /user/loader.php (and /user/login.php) that can be exploited to register arbitrary API keys or access sensi...

CVSS 9.8 · AI score 9.4 · EPSS 0.70947
Exploits: 1 · References: 2 · Affected Software: 1

CVE
added 2022/12/26 12:0 a.m. · 100 views

CVE-2021-45466

CVE-2021-45466: In CWP (Control Web Panel/CentOS Web Panel) before 0.9.8.1107, a crafted request to api/?api=add_server&DHCP= can cause an authorized_keys file to be written under /resources/. This is a remote, unauthenticated exploit with high impact. CVE-2021-45467: In the same platform before ...

CVSS 9.8 · AI score 9.2 · EPSS 0.55338
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2022/12/26 12:0 a.m. · 27 views

CVE-2021-45466

In CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder...

AI score 9.5 · EPSS 0.70947
Exploits: 2 · References: 2

Cvelist
added 2022/12/26 12:0 a.m. · 37 views

CVE-2021-45467

In CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/accountnewcreate&acc=guadaapi URI. Any number of %00...

AI score 9.7 · EPSS 0.70947
Exploits: 1 · References: 2

Positive Technologies
added 2022/10/25 12:0 a.m. · 2 views

PT-2022-6101

Name of the Vulnerable Software and Affected Versions: Control Web Panel versions prior to 0.9.8.1147 Description: The issue is related to the login/index.php component in Control Web Panel, which allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login...

CVSS 10 · AI score 7.5 · EPSS 0.99995
Exploits: 12 · References: 39

hivepro
added 2022/01/27 1:19 p.m. · 12 views

Control Web Panel bugs cause remote code execution in Linux servers

...

AI score 4.8
Exploits: 0

ThreatPost
added 2022/01/24 11:8 p.m. · 73 views

Linux Servers at Risk of RCE Due to Critical CWP Bugs

Researchers have discovered two critical bugs in Control Web Panel (CWP) – a popular web hosting management software used by 200,000+ servers – that could allow for remote code execution (RCE) as root on vulnerable Linux servers. CWP, formerly known as CentOS Web Panel, is an open-source Linux contro...

CVSS 9.8 · AI score 10 · EPSS 0.70947
Exploits: 2 · References: 9

The Hacker News
added 2022/01/22 4:4 a.m. · 79 views

Critical Bugs in Control Web Panel Expose Linux Servers to RCE Attacks

Researchers have disclosed details of two critical security vulnerabilities in Control Web Panel that could be abused as part of an exploit chain to achieve pre-authenticated remote code execution on affected servers. Tracked as CVE-2021-45467, the issue concerns a case of a file inclusion...

AI score 1.2 · EPSS 0.70947
Exploits: 2

Positive Technologies
added 2022/01/22 12:0 a.m. · 4 views

PT-2022-3945 · Unknown · Control Web Panel

Name of the Vulnerable Software and Affected Versions: Control Web Panel versions prior to 0.9.8.1107 Description: The issue is related to incorrect code generation management in the application. It allows a remote attacker to execute arbitrary code using a specially crafted request. Specifically...

CVSS 10 · AI score 9.6 · EPSS 0.70947
Exploits: 2 · References: 11

The Hacker News
added 2021/05/28 3:30 p.m. · 61 views

Researchers Warn of Facefish Backdoor Spreading Linux Rootkits

Cybersecurity researchers have disclosed a new backdoor program capable of stealing user login credentials, device information and executing arbitrary commands on Linux systems. The malware dropper has been dubbed "Facefish" by Qihoo 360 NETLAB team owing to its capabilities to deliver different...

AI score 0.9
Exploits: 0

0day.today
added 2019/12/17 12:0 a.m. · 127 views

Control Web Panel 0.9.8.864 phpMyAdmin Password Disclosure Vulnerability

Exploit for php platform in category web applications Exploit Title : CWP Control Web Panel phpMyAdmin password access Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage : https://control-webpanel.com/ Software Link : Not available, user panel only...

AI score 6.6 · EPSS 0.01411
Exploits: 4

Packet Storm
added 2019/12/16 12:0 a.m. · 169 views

Control Web Panel 0.9.8.864 phpMyAdmin Password Disclosure

Exploit Title : CWP Control Web Panel phpMyAdmin password access Date : 20 Aug 2019 Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage : https://control-webpanel.com/ Software Link : Not available, user panel only available for latest version Versi...

AI score 6.5 · EPSS 0.01411
Exploits: 4

CNVD
added 2019/10/29 12:0 a.m. · 1 views

Control Web Panel Cross-Site Scripting Vulnerability

Control Web Panel is a Linux web hosting control panel. A cross-site scripting vulnerability exists in Control Web Panel version 0.9.8.885, which stems from the lack of proper validation of client-side data by the web application and can be exploited by an attacker to execute client-side code...

CVSS 4.6 · AI score 6.4 · EPSS 0.00478
Exploits: 2 · References: 1

CNVD
added 2019/09/11 12:0 a.m. · 3 views

CentOS Web Panel elevation of privilege vulnerability (CNVD-2019-32249)

Control Web Panel is a Linux web hosting control panel. An elevation of privilege vulnerability exists in Control Web Panel, which can be exploited by an attacker to upload malicious software using the REST API...

CVSS 7.5 · AI score 7.3 · EPSS 0.04412
Exploits: 2 · References: 1

Packet Storm
added 2019/08/26 12:0 a.m. · 366 views

CentOS 7.6.1810 Control Web Panel 0.9.8.837 Cross Site Request Forgery

Cross-Site Request Forgery (CSRF). Information: Product : CWP Control Web Panel version : 0.9.8.837 Fixed on : 0.9.8.851 Test on : CentOS 7.6.1810 Core Reference :...

AI score 0.3 · EPSS 0.00721
Exploits: 3

Packet Storm
added 2019/08/26 12:0 a.m. · 184 views

CentOS 7.6.1810 Control Web Panel 0.9.8.837 Cross Site Scripting

Information: Product : CWP Control Web Panel version : 0.9.8.837 Fixed on : 0.9.8.851 Test on : CentOS 7.6.1810 Core Reference : https://control-webpanel.com/...

AI score 0.2 · EPSS 0.06512
Exploits: 3

0day.today
added 2019/08/26 12:0 a.m. · 69 views

CentOS 7.6.1810 Control Web Panel 0.9.8.837 Cross Site Scripting Vulnerability

Exploit for linux platform in category web applications. Information: Product : CWP Control Web Panel version : 0.9.8.837 Fixed on : 0.9.8.851 Test on : CentOS...

CVSS 3.5 · AI score 5.9 · EPSS 0.06512
Exploits: 3