Cloudpanel 2 < 2.3.1 - Remote Code Execution

CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. id: CVE-2023-35885 info: name: Cloudpanel 2 2.3.1 - Remote Code Execution author: DhiyaneshDk severity: critical description: | CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. impact: | Successfu...

CVE-2024-44765

An Improper Authorization Access Control Misconfiguration vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and administrative functionality...

CVE-2024-44765

An Improper Authorization Access Control Misconfiguration vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and administrative functionality...

CVE-2024-44765

CVE-2024-44765 affects MGT-COMMERCE GmbH CloudPanel versions 2.0.0–2.4.2. The root cause is an improper authorization/access control misconfiguration that lets low-privilege users bypass controls and access sensitive configuration files and administrative functionality. Impact is described as pot...

CVE-2024-24320

Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function...

CVE-2024-24320

Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function...

CVE-2024-24320

Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function...

CVE-2024-24320

CVE-2024-24320 describes a Directory Traversal in Mgt-commerce CloudPanel (versions 2.0.0–2.4.0 ). The vulnerability allows a remote attacker to obtain sensitive information and may execute arbitrary code through the service parameter of the load-logfiles function. Root cause is reported as direc...

MGT-COMMERCE CloudPanel 路径遍历漏洞

MGT-COMMERCE CloudPanel is a free solution from MGT-COMMERCE Open Source. It is designed to ease the burden of managing self-hosted Linux servers. A security vulnerability exists in MGT-COMMERCE CloudPanel version 2.2.2, which stems from a vulnerability that allows an attacker to perform path...

CVE-2023-0391 MGT-COMMERCE CloudPanel Shared Certificate

MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1...

CVE-2023-0391 MGT-COMMERCE CloudPanel Shared Certificate

MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1...

CVE-2023-0391

CVE-2023-0391 affects MGT-COMMERCE CloudPanel. The issue: CloudPanel ships with a static SSL certificate (and private key) shared across all installations, observed in version 2.2.0. This enables fingerprintable certificates and allows an attacker with access to capture or decrypt HTTPS traffic t...

CVE-2023-0391: MGT-COMMERCE CloudPanel Shared Certificate Vulnerability and Weak Installation Procedures

While using the popular self-hosted web administration solution, CloudPanel from MGT-COMMERCE, Rapid7 researcher Tod Beardsley discovered three security concerns. The first, an issue involving the trustworthiness of the installation script provided by the vendor, was an instance of CWE-494:...

PT-2022-6464 · Mgt Commerce · Mgt-Commerce Cloudpanel

Name of the Vulnerable Software and Affected Versions: MGT-COMMERCE CloudPanel version 2.2.0 Description: The issue is related to the use of a static SSL certificate with a hardcoded cryptographic key in MGT-COMMERCE CloudPanel, which is shared across every installation. This could allow a remote...