13 matches found

CVE
added 2023/01/05 11:15 p.m. | 581 views

CVE-2022-44877

login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.

CVSS 9.8 | AI score 9.6 | EPSS 0.94434

CVE
added 2022/12/26 5:15 a.m. | 82 views

CVE-2021-45466

In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder.

CVSS 9.8 | AI score 9.2 | EPSS 0.1662

CVE
added 2018/11/20 7:29 p.m. | 81 views

CVE-2018-18773

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.

CVSS 8.8 | AI score 8.6 | EPSS 0.00481

CVE
added 2022/12/26 5:15 a.m. | 78 views

CVE-2021-45467

In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/account_new_create&acc=guadaapi URI. Any number of %00...

CVSS 9.8 | AI score 9.4 | EPSS 0.17243

CVE
added 2022/07/07 12:15 p.m. | 77 views

CVE-2022-25046

A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request.

CVSS 10 | AI score 9.4 | EPSS 0.01074

CVE
added 2018/11/20 7:29 p.m. | 76 views

CVE-2018-18772

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command.

CVSS 8.8 | AI score 8.7 | EPSS 0.00601

CVE
added 2018/11/20 7:29 p.m. | 74 views

CVE-2018-18774

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter.

CVSS 6.1 | AI score 6.8 | EPSS 0.04485

CVE
added 2019/03/26 4:29 p.m. | 58 views

CVE-2019-7646

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter.

CVSS 4.8 | AI score 4.8 | EPSS 0.00482

CVE
added 2019/12/17 4:15 p.m. | 53 views

CVE-2019-14782

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to make a request to extract the victim's password (for the O...

CVSS 6.5 | AI score 6.4 | EPSS 0.00419

CVE
added 2019/05/21 6:29 p.m. | 45 views

CVE-2019-12190

XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter.

CVSS 5.4 | AI score 5.3 | EPSS 0.00206

CVE
added 2019/12/17 4:15 p.m. | 36 views

CVE-2019-15235

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to gain access to the victim's password (for the OS and p...

CVSS 6.5 | AI score 6.6 | EPSS 0.00419

CVE
added 2018/01/22 1:29 a.m. | 35 views

CVE-2018-5962

index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module.

CVSS 6.1 | AI score 5.9 | EPSS 0.00328

CVE
added 2018/01/22 1:29 a.m. | 34 views

CVE-2018-5961

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the module value of the index.php file.

CVSS 6.1 | AI score 5.9 | EPSS 0.0033