Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.12 views

CVE-2026-34234

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer public/installer/index.php is vulnerable to unauthenticated Remote Code Execution RCE because it performs the install.lock check only after including and executing form handler...

10CVSS6.1AI score0.00821EPSS
Exploits2References1
CVE
CVE
added 2026/05/19 9:3 p.m.56 views

CVE-2026-34234

CVE-2026-34234 affects CtrlPanel (open-source hosting-provider billing) versions up to 1.1.1. The web installer at public/installer/index.php executes form handlers before install.lock gating and uses unsanitized user input in shell commands, enabling unauthenticated RCE. A PoC demonstrates a cra...

10CVSS6.2AI score0.00821EPSS
In wildExploits2References2
Vulnrichment
Vulnrichment
added 2026/05/19 9:3 p.m.11 views

CVE-2026-34234 CtrlPanel: Unauthenticated RCE using installer script

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer public/installer/index.php is vulnerable to unauthenticated Remote Code Execution RCE because it performs the install.lock check only after including and executing form handler...

10CVSS6.2AI score0.00821EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.25 views

PT-2026-42016

Name of the Vulnerable Software and Affected Versions CtrlPanel versions prior to 1.2.0 Description The web-based installer at the endpoint "public/installer/index.php" allows unauthenticated Remote Code Execution RCE, which is the ability to execute arbitrary commands on a remote machine. The...

10CVSS6.2AI score0.00821EPSS
Exploits2References8
Rows per page
Query Builder