The vulnerability of the ajax_mod_security.php implementation of the application for managing servers on CentOS Web Panel allows a hacker to execute arbitrary code.

The vulnerability of the ajaxmodsecurity.php implementation of the application for managing servers on CentOS Web Panel is related to the failure to take measures to eliminate special elements in the string entered by the user when processing the archivo parameter. Exploiting this vulnerability m...

CentOS Web Panel Operating System Command Injection Vulnerability (CNVD-2020-44602)

CentOS Web Panel CWP is a free web hosting control panel. An operating system command injection vulnerability exists in the ajaxmodsecurity.php file in the CentOS Web Panel cwp-el7-0.9.8.891 release, which stems from a failure to properly validate user-supplied strings before executing system...

CentOS Web Panel Operating System Command Injection Vulnerability (CNVD-2020-44635)

CentOS Web Panel CWP is a free web hosting control panel. An operating system command injection vulnerability exists in the ajaxmodsecurity.php file in the CentOS Web Panel cwp-el7-0.9.8.891 release, which stems from a failure to properly validate user-supplied strings before executing system...

CentOS Web Panel Operating System Command Injection Vulnerability (CNVD-2020-44600)

CentOS Web Panel CWP is a free web hosting control panel. An operating system command injection vulnerability exists in the ajaxmodsecurity.php file in the CentOS Web Panel cwp-el7-0.9.8.891 release, which stems from the program failing to properly validate a system call before executing it with ...

CentOS Web Panel Operating System Command Injection Vulnerability (CNVD-2020-44636)

CentOS Web Panel CWP is a free web hosting control panel. An operating system command injection vulnerability exists in the ajaxmodsecurity.php file in the CentOS Web Panel cwp-el7-0.9.8.891 release, which stems from a failure to properly validate user-supplied strings before executing system...

CVE-2020-15623

This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmodsecurity.php. When parsing the archivo parameter, the process...

CVE-2020-15422

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmodsecurity.php. When parsing the archivo parameter, the process...

CVE-2020-15421

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmodsecurity.php. When parsing the checkip parameter, the process...

CVE-2020-15422

CVE-2020-15422 affects CentOS Web Panel cwp-e17.0.9.8.923. The issue is in ajax_mod_security.php where the archivo parameter is parsed without proper validation, allowing an attacker to execute arbitrary code with root privileges. This is a network-based remote code execution vulnerability (no au...

PT-2020-14546 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to write arbitrary files on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax mod...

PT-2020-14423 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax mod...

PT-2020-14421 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax mod...

PT-2020-6770 · Unknown · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel versions cwp-e17.0.9.8.923 Description: The issue is related to the implementation of the ajax mod security.php script in CentOS Web Panel, where the archivo parameter does not properly neutralize special elements in...