16 matches found
CentOS Web Panel Code Execution Vulnerability (CNVD-2020-43144)
CentOS Web Panel (CWP) is a free web hosting control panel that makes it easy to manage multiple dedicated and VPS servers without having to access them via SSH. A code execution vulnerability in CentOS Web Panel version cwp-e17.0.9.8.923, which stems from the ajax_php_pecl.php file not proper...
CVE-2020-15628
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmailautoreply.php. When parsing the user parameter, the...
CVE-2020-15624
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_new_account.php. When parsing the domain parameter, the...
CVE-2020-15624
CVE-2020-15624 affects CentOS Web Panel (CWP) — version cwp-e17.0.9.8.923 — where the ajax_new_account.php component does not properly validate the domain parameter before constructing SQL queries, enabling an unauthenticated remote SQL injection that can disclose sensitive information in the con...
CVE-2020-15619
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the type parameter, the...
CVE-2020-15614
CVE-2020-15614 affects CentOS Web Panel (cwp-e17.0.9.8.923). The flaw is in ajax_php_pecl.php when parsing the cha parameter, where input is not properly validated before a system call, allowing an unauthenticated attacker to execute arbitrary code with root privileges. This has been disclosed in...
CVE-2020-15610
CVE-2020-15610 affects CentOS Web Panel (cwp-e17.0.9.8.923). The vulnerability is in the file ajax_php_pecl.php where parsing the modulo parameter allows an attacker to execute arbitrary code with root privileges, without authentication. Multiple sources (ZDI-20-757, Red Hat, CNVD/CVE records) co...
CVE-2020-15435
The CVE-2020-15435 issue affects CentOS Web Panel (cwp-e17.0.9.8.923). The vulnerability is in ajax_dashboard.php where parsing the service_start parameter allows an attacker to construct a system call, enabling remote code execution with root privileges. It is exploitable remotely without authen...
CVE-2020-15433
CVE-2020-15433 affects CentOS Web Panel (cwp-e17.0.9.8.923). The flaw is in ajax_php_pecl.php when parsing the phpversion parameter, which allows an unauthenticated attacker to execute arbitrary code with root privileges via a remote code execution vector. Multiple sources (including ZDI-20-750) ...
CVE-2020-15434
CVE-2020-15434 affects CentOS Web Panel (cwp-e17.0.9.8.923). The vulnerable component is ajax_php_pecl.php where the canal parameter is not properly validated before using it to execute a system call, enabling remote code execution with root privileges. Exploitation is possible without authentica...
CVE-2020-15430
This CVE (CVE-2020-15430) affects CentOS Web Panel, version cwp-e17.0.9.8.923. The vulnerability resides in ajax_list_accounts.php; the code path parsing the username parameter does not properly validate input before using it to execute a system call, allowing remote attackers to execute arbitrar...
CVE-2020-15422
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmodsecurity.php. When parsing the archivo parameter, the process...
CVE-2020-15421
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmodsecurity.php. When parsing the checkip parameter, the process...
PT-2020-14431 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax_php_pecl.php...
PT-2020-14423 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax mod...
PT-2020-14425 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the ajax dis...