Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
Control-webpanelWebpanel*

3 matches found

CVE
CVEadded 2022/12/26 5:15 a.m.82 views

CVE-2021-45466

In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder.

9.8CVSS9.2AI score0.14186EPSS
CVE
CVEadded 2022/12/26 5:15 a.m.78 views

CVE-2021-45467

In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/account_new_create&acc=guadaapi URI. Any number of %00...

9.8CVSS9.4AI score0.17243EPSS
CVE
CVEadded 2022/07/07 12:15 p.m.77 views

CVE-2022-25046

A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request.

10CVSS9.4AI score0.01345EPSS