CentOS Web Panel SQL Injection Vulnerability

CentOS Web Panel CWP is a free web-hosting control panel that makes it easy to manage multiple servers without having to access the server via SSH for every little task that needs to be done. A SQL injection vulnerability exists in CentOS Web Panel. The vulnerability can be exploited to conduct S...

PT-2020-11987 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel versions for CentOS 6 and 7 Description: The issue allows SQL Injection via the "/cwp SESSION HASH/admin/loader ajax.php" API endpoint, specifically through the term parameter. This enables potential attackers to inject...