146 matches found
CentOS Web Panel ajax_new_account.php file SQL injection vulnerability
CentOS Web Panel CWP is a free web hosting control panel. A SQL injection vulnerability exists in the ajaxnewaccount.php file in CentOS Web Panel cwp-e version 17.0.9.8.923, which originates when the program does not properly validate a user-supplied string. An attacker could exploit this...
CentOS Web Panel SQL Injection Vulnerability (CNVD-2020-43612)
CentOS Web Panel CWP is a free web hosting control panel. A SQL injection vulnerability exists in the ajaxlistaccounts.php file in CentOS Web Panel cwp-e version 17.0.9.8.923, which stems from the program not properly validating a user-supplied string. An attacker could exploit this vulnerability...
CentOS Web Panel Code Execution Vulnerability (CNVD-2020-43144)
CentOS Web Panel CWP is a free web hosting control panel that makes it easy to manage multiple servers Dedicated and VPS without having to access the servers via SSH. A code execution vulnerability in CentOS Web Panel version cwp-e17.0.9.8.923, which stems from the ajaxphppecl.php file not proper...
CentOS Web Panel Code Execution Vulnerability (CNVD-2020-43140)
CentOS Web Panel CWP is a free web hosting control panel that makes it easy to manage multiple servers Dedicated and VPS without having to access the servers via SSH. A code execution vulnerability in CentOS Web Panel version cwp-e17.0.9.8.923, which stems from the ajaxadminapis.php file not...
CentOS Web Panel Code Execution Vulnerability (CNVD-2020-43139)
CentOS Web Panel CWP is a free web hosting control panel that makes it easy to manage multiple servers Dedicated and VPS without having to access the servers via SSH. A code execution vulnerability in CentOS Web Panel version cwp-e17.0.9.8.923, which stems from the ajaxdiskusage.php file not...
CVE-2020-15628
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmailautoreply.php. When parsing the user parameter, the...
CVE-2020-15624
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxnewaccount.php. When parsing the domain parameter, the...
CVE-2020-15624
CVE-2020-15624 affects CentOS Web Panel (CWP) — version cwp-e17.0.9.8.923 — where the ajax_new_account.php component does not properly validate the domain parameter before constructing SQL queries, enabling an unauthenticated remote SQL injection that can disclose sensitive information in the con...
CVE-2020-15619
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxlistaccounts.php. When parsing the type parameter, the...
CVE-2020-15614
CVE-2020-15614 affects CentOS Web Panel (cwp-e17.0.9.8.923). The flaw is in ajax_php_pecl.php when parsing the cha parameter, where input is not properly validated before a system call, allowing an unauthenticated attacker to execute arbitrary code with root privileges. This has been disclosed in...
CVE-2020-15610
CVE-2020-15610 affects CentOS Web Panel (cwp-e17.0.9.8.923). The vulnerability is in the file ajax_php_pecl.php where parsing the modulo parameter allows an attacker to execute arbitrary code with root privileges, without authentication. Multiple sources (ZDI-20-757, Red Hat, CNVD/CVE records) co...
CVE-2020-15433
CVE-2020-15433 affects CentOS Web Panel (cwp-e17.0.9.8.923). The flaw is in ajax_php_pecl.php when parsing the phpversion parameter, which allows an unauthenticated attacker to execute arbitrary code with root privileges via a remote code execution vector. Multiple sources (including ZDI-20-750) ...
CVE-2020-15434
CVE-2020-15434 affects CentOS Web Panel (cwp-e17.0.9.8.923). The vulnerable component is ajax_php_pecl.php where the canal parameter is not properly validated before using it to execute a system call, enabling remote code execution with root privileges. Exploitation is possible without authentica...
CVE-2020-15435
The CVE-2020-15435 issue affects CentOS Web Panel (cwp-e17.0.9.8.923). The vulnerability is in ajax_dashboard.php where parsing the service_start parameter allows an attacker to construct a system call, enabling remote code execution with root privileges. It is exploitable remotely without authen...
CVE-2020-15430
This CVE (CVE-2020-15430) affects CentOS Web Panel, version cwp-e17.0.9.8.923. The vulnerability resides in ajax_list_accounts.php; the code path parsing the username parameter does not properly validate input before using it to execute a system call, allowing remote attackers to execute arbitrar...
CVE-2020-15429
CVE-2020-15429 affects CentOS Web Panel (cwp-e17.0.9.8.923). A flaw in ajax_crons.php allows remote command injection: when parsing the user parameter, the code does not properly validate the string before using it in a system call, enabling arbitrary code execution with root privileges. Authenti...
CVE-2020-15422
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmodsecurity.php. When parsing the archivo parameter, the process...
CVE-2020-15421
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmodsecurity.php. When parsing the checkip parameter, the process...
CVE-2020-9309
Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions for example HTML code in a TXT file. When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Upload...
Design/Logic Flaw
Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions for example HTML code in a TXT file. When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Upload...