Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.8 views

CVE-2026-34216

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified class name directly from user-supplied request input and used it for dynamic static method calls and object instantiation without any allowli...

6.6CVSS5.7AI score0.00532EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 8:31 p.m.15 views

CVE-2026-34216

CtrlPanel (open-source billing software) has a vulnerability in versions

6.6CVSS6AI score0.00532EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 8:31 p.m.36 views

CVE-2026-34216 CtrlPanel: Authenticated Remote Code Execution via Dynamic Class Instantiation in SettingsController.php

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified class name directly from user-supplied request input and used it for dynamic static method calls and object instantiation without any allowli...

6.6CVSS0.00532EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 8:31 p.m.10 views

CVE-2026-34216 CtrlPanel: Authenticated Remote Code Execution via Dynamic Class Instantiation in SettingsController.php

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified class name directly from user-supplied request input and used it for dynamic static method calls and object instantiation without any allowli...

6.6CVSS6AI score0.00532EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.15 views

PT-2026-42013

Name of the Vulnerable Software and Affected Versions CtrlPanel versions prior to 1.2.0 Description An authenticated admin-level user can achieve Remote Code Execution by supplying an arbitrary class name available in the Composer autoloader. The admin settings update endpoint accepts a fully...

6.6CVSS6AI score0.00532EPSS
Exploits0References6
Rows per page
Query Builder