Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:10 p.m.9 views

CVE-2021-45467

In CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1= .%00./.%00./api/accountnewcreate=guadaapi URI. Any number of %00 instances can...

9.8CVSS7.2AI score0.70947EPSS
Exploits1
CVE
CVE
added 2022/12/26 12:0 a.m.100 views

CVE-2021-45467

CWP (Control Web Panel / CentOS Web Panel) is affected by CVE-2021-45467 in versions before 0.9.8.1107. The issue is an unauthenticated null-byte (%00) injection in the scripts parameter of /user/loader.php (and /user/login.php) that can be exploited to register arbitrary API keys or access sensi...

9.8CVSS9.4AI score0.70947EPSS
Exploits1References2Affected Software1
Check Point Advisories
Check Point Advisories
added 2022/02/27 12:0 a.m.39 views

CWP Panel Remote Code Execution (CVE-2021-45467; CVE-2021-45466)

A remote code execution vulnerability exists in CWP Panel. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

5.4AI score0.70947EPSS
Exploits2
The Hacker News
The Hacker News
added 2022/01/22 4:4 a.m.79 views

Critical Bugs in Control Web Panel Expose Linux Servers to RCE Attacks

Researchers have disclosed details of two critical security vulnerabilities in Control Web Panel that could be abused as part of an exploit chain to achieve pre-authenticated remote code execution on affected servers. Tracked as CVE-2021-45467, the issue concerns a case of a file inclusion...

1.2AI score0.70947EPSS
Exploits2
Rows per page
Query Builder