Lucene search
K
Mgt-commerceCloudpanel

6 matches found

CVE
CVE
added 2023/06/20 12:0 a.m.109 views

CVE-2023-35885

CloudPanel 2.x versions before 2.3.1 are vulnerable due to insecure file-manager cookie authentication, enabling remote code execution as root (CVSS 3.1: 9.8). Public disclosures and proof-of-concept tooling exist (Nuclei template for CVE-2023-35885; GitHub exploit). Affected product: CloudPanel;...

9.8CVSS9.4AI score0.75315EPSS
In wild
CVE
CVE
added 2023/06/06 12:0 a.m.94 views

CVE-2023-33747

CloudPanel v2.2.2 (CVE-2023-33747) is documented as vulnerable to a path-traversal issue enabling local access and potential privilege escalation. Connected sources (e.g., PacketStorm’s CloudPanel 2.2.2 Privilege Escalation / Path Traversal) describe an exploit path related to clpctlWrapper and f...

7.8CVSS7.6AI score0.00469EPSS
CVE
CVE
added 2024/06/14 12:0 a.m.68 views

CVE-2024-24320

CVE-2024-24320 describes a Directory Traversal in Mgt-commerce CloudPanel (versions 2.0.0–2.4.0 ). The vulnerability allows a remote attacker to obtain sensitive information and may execute arbitrary code through the service parameter of the load-logfiles function. Root cause is reported as direc...

8.8CVSS7.7AI score0.04019EPSS
CVE
CVE
added 2023/03/21 7:25 p.m.65 views

CVE-2023-0391

CVE-2023-0391 affects MGT-COMMERCE CloudPanel. The issue: CloudPanel ships with a static SSL certificate (and private key) shared across all installations, observed in version 2.2.0. This enables fingerprintable certificates and allows an attacker with access to capture or decrypt HTTPS traffic t...

8.1CVSS8AI score0.00599EPSS
CVE
CVE
added 2023/06/25 12:0 a.m.59 views

CVE-2023-36630

CVE-2023-36630 affects CloudPanel prior to version 2.3.1. The issue is insecure file upload that enables privilege escalation and authentication bypass. Documented impact aligns with high severity (C/H/I/A). The Red Hat/CNNVD/NVD entries corroborate the same description. A PoC is noted in the ADP...

8.8CVSS9AI score0.00874EPSS
CVE
CVE
added 2023/12/08 12:0 a.m.32 views

CVE-2023-46157

CVE-2023-46157 affects MGT CloudPanel 2.0.0–2.3.2. The root cause is a vulnerability in File-Manager allowing OS command injection by a lowest-privilege user through altering file ownership and setting file permissions to 4755. The provided documents consistently describe this as the impact (comm...

8.8CVSS9AI score0.02317EPSS