Lucene search
+L

4 matches found

cve
cve
added 2023/01/05 12:0 a.m.651 views

CVE-2022-44877

CVE-2022-44877 affects CentOS Web Panel / Control Web Panel (CWP) 7 prior to 0.9.8.1147. The vendor’s login/index.php component is vulnerable to OS command injection via shell metacharacters in the login parameter, enabling remote code execution. Public templates and security feeds describe it as...

9.8CVSS9.6AI score0.99995EPSS
In wildWeb
cve
cve
added 2025/09/19 12:0 a.m.567 views

CVE-2025-48703

CWP (Control Web Panel) versions before 0.9.8.1205 are affected by an unauthenticated remote code execution vulnerability in filemanager/changePerm via shell metacharacters in t_total. Root cause: unsanitized input in t_total enables arbitrary code execution with a non-root user known. Impact is ...

9CVSS8.1AI score0.99589EPSS
In wildWeb
cve
cve
added 2022/12/26 12:0 a.m.100 views

CVE-2021-45466

CVE-2021-45466: In CWP (Control Web Panel/CentOS Web Panel) before 0.9.8.1107, a crafted request to api/?api=add_server&DHCP= can cause an authorized_keys file to be written under /resources/. This is a remote, unauthenticated exploit with high impact. CVE-2021-45467: In the same platform before ...

9.8CVSS9.2AI score0.55338EPSS
Web
cve
cve
added 2022/12/26 12:0 a.m.100 views

CVE-2021-45467

CWP (Control Web Panel / CentOS Web Panel) is affected by CVE-2021-45467 in versions before 0.9.8.1107. The issue is an unauthenticated null-byte (%00) injection in the scripts parameter of /user/loader.php (and /user/login.php) that can be exploited to register arbitrary API keys or access sensi...

9.8CVSS9.4AI score0.70947EPSS
Web