Webpanel Security Vulnerabilities and Issues — Webpanel CVE List

Lucene search

Control-webpanelWebpanel

5 matches found

CVE•added 2019/07/16 6:15 p.m.•223 views

CVE-2019-13359

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.

8.5CVSS7.5AI score0.29151EPSS

CVE•added 2019/07/16 5:15 p.m.•170 views

CVE-2019-13605

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is different from CVE-2019-...

8.8CVSS9.2AI score0.27295EPSS

CVE•added 2018/11/20 7:29 p.m.•81 views

CVE-2018-18773

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.

8.8CVSS8.6AI score0.00481EPSS

CVE•added 2018/11/20 7:29 p.m.•76 views

CVE-2018-18772

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command.

8.8CVSS8.7AI score0.00601EPSS

CVE•added 2019/08/21 7:15 p.m.•42 views

CVE-2019-13477

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function allows an attacker to change the password for the root account.

8.8CVSS8.7AI score0.00112EPSS