MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1.
8.1CVSS
7.9AI Score
0.001EPSS
7.8CVSS
7.6AI Score
0.001EPSS
9.8CVSS
9.4AI Score
0.311EPSS
In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass.
8.8CVSS
9AI Score
0.001EPSS
File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755.
8.8CVSS
9AI Score
0.001EPSS
Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function.
8.8CVSS
7.7AI Score
0.001EPSS