3 matches found
CVE-2021-45467
In CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/accountnewcreate&acc=guadaapi URI. Any number of %00...
PT-2022-3811
Name of the Vulnerable Software and Affected Versions CentOS Web Panel versions prior to 0.9.8.1107 Description The issue is related to incorrect handling of code generation in CentOS Web Panel, allowing a remote attacker to execute arbitrary code using a specially crafted request. An...
PT-2022-3945 · Unknown · Control Web Panel
Name of the Vulnerable Software and Affected Versions: Control Web Panel versions prior to 0.9.8.1107 Description: The issue is related to incorrect code generation management in the application. It allows a remote attacker to execute arbitrary code using a specially crafted request. Specifically...