CVE-2026-34234 CtrlPanel: Unauthenticated RCE using installer script

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer public/installer/index.php is vulnerable to unauthenticated Remote Code Execution RCE because it performs the install.lock check only after including and executing form handler...

CVE-2020-21554

A File Deletion vulnerability exists in TinyShop 3.1.1 in the backlist parameter in controllers\admin.php, which could let a malicious user delete any file such as install.lock to reinstall cms...

Arbitrary File Deletion Vulnerability in Xingyunhai CMS v3.5

Xing Yunhai CMS XYHCMS is a completely open source CMS content management system, simple and easy to use. XYHCMS V3.5 version of the existence of arbitrary file deletion vulnerability, an attacker can use the vulnerability to delete any file , such as deleting install.lock for CMS reinstallation ...

Reinstallation Logic Vulnerability in zzcmsV8.0

ZZCMS is a PHP-developed enterprise website builder. A reinstallation logic vulnerability exists in zzcmsV8.0. Due to a logic vulnerability in the judgment of the installation lock file install.lock, an attacker can exploit the vulnerability to reinstall the system and destroy the program...