EUVD-2022-29790
Malicious code in bioql PyPI...
EUVD-2022-29791
Malicious code in bioql PyPI...
EUVD-2022-6088
Malicious code in bioql PyPI...
Malicious code in @digital-wealth-web/cwp-service-setu (npm)
The package @digital-wealth-web/cwp-service-setu was found to contain malicious code...
MAL-2025-7747
Malicious code in @digital-wealth-web/cwp-service-setup (npm)
The package @digital-wealth-web/cwp-service-setup was found to contain malicious code...
Exploit for CVE-2025-48703
💥 CVE-2025-48703 AutoExploit GUI/CLI 💥...
CVE-2022-25046
A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request...
CVE-2022-25048
Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root user...
GHSA-FRM9-7PM9-5RGC
SilverStripe comments module includes version of jQuery vulnerable to Cross-site Scripting
The silverstripe/comments module, the cwp/starter-theme and the cwp/watea-theme include an outdated version of jQuery by default, which contains XSS vulnerabilities if user input is used in certain contexts. Though no known exploit has been found for these in the existing usage, user customisatio...
CVE-2023-42121
CVE-2023-42121 concerns Control Web Panel (CWP) missing authentication in its web interface, enabling remote code execution with no privileges required. The flaw results from a lack of authentication before accessing functionality, allowing an attacker to execute code in the context of a valid CW...
BIT-SILVERSTRIPE-2020-9280
In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is...
Exploit for OS Command Injection in Control-Webpanel Webpanel
Docs Paper : https://docs.google.com/document/d/1rQ7e9i2AFzHbASf...
CWP Control Web Panel OS Command Injection Vulnerability
CWP Control Web Panel formerly CentOS Web Panel contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter...
CVE-2022-44877
login/index.php in CWP aka Control Web Panel or CentOS Web Panel 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter...
Design/Logic Flaw
login/index.php in CWP aka Control Web Panel or CentOS Web Panel 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter...
CVE-2022-44877
login/index.php in CWP aka Control Web Panel or CentOS Web Panel 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. Recent assessments: h00die-gr3y at January 14, 2023 6:25pm UTC reported: This vulnerability is all about...
CVE-2022-44877
CVE-2022-44877 affects CentOS Web Panel / Control Web Panel (CWP) 7 prior to 0.9.8.1147. The vendor’s login/index.php component is vulnerable to OS command injection via shell metacharacters in the login parameter, enabling remote code execution. Public templates and security feeds describe it as...