6 matches found
CVE-2023-35885
CloudPanel 2.x versions before 2.3.1 are vulnerable due to insecure file-manager cookie authentication, enabling remote code execution as root (CVSS 3.1: 9.8). Public disclosures and proof-of-concept tooling exist (Nuclei template for CVE-2023-35885; GitHub exploit). Affected product: CloudPanel;...
CVE-2023-33747
CloudPanel v2.2.2 (CVE-2023-33747) is documented as vulnerable to a path-traversal issue enabling local access and potential privilege escalation. Connected sources (e.g., PacketStorm’s CloudPanel 2.2.2 Privilege Escalation / Path Traversal) describe an exploit path related to clpctlWrapper and f...
CVE-2024-24320
CVE-2024-24320 describes a Directory Traversal in Mgt-commerce CloudPanel (versions 2.0.0–2.4.0 ). The vulnerability allows a remote attacker to obtain sensitive information and may execute arbitrary code through the service parameter of the load-logfiles function. Root cause is reported as direc...
CVE-2023-0391
CVE-2023-0391 affects MGT-COMMERCE CloudPanel. The issue: CloudPanel ships with a static SSL certificate (and private key) shared across all installations, observed in version 2.2.0. This enables fingerprintable certificates and allows an attacker with access to capture or decrypt HTTPS traffic t...
CVE-2023-36630
CVE-2023-36630 affects CloudPanel prior to version 2.3.1. The issue is insecure file upload that enables privilege escalation and authentication bypass. Documented impact aligns with high severity (C/H/I/A). The Red Hat/CNNVD/NVD entries corroborate the same description. A PoC is noted in the ADP...
CVE-2023-46157
CVE-2023-46157 affects MGT CloudPanel 2.0.0–2.3.2. The root cause is a vulnerability in File-Manager allowing OS command injection by a lowest-privilege user through altering file ownership and setting file permissions to 4755. The provided documents consistently describe this as the impact (comm...