Centos-Webpanel Centos Web Panel vulnerabilities
7 known vulnerabilities affecting centos-webpanel/centos_web_panel.
Total CVEs: 7
CISA KEV: 1 (actively exploited)
Public exploits: 3
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 4
Vulnerabilities
CVE-2025-48703 | P1 | CRITICAL | CVSS 9.0 | CWE-78 | KEV | PoC | fixed in 0.9.8.1205 | 2025-09-19
CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.
Source: NVD
CVE-2020-15609 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | v17.0.9.8.923 | 2020-07-28
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the service_stop parameter, the process does not properly validate a user-supplied string
Source: NVD
CVE-2019-13386 | P3 | HIGH | CVSS 8.8 | CWE-863 | v0.9.8.846 | 2019-07-26
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege.
Source: NVD
CVE-2019-10261 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | PoC | v0.9.8.789 | 2019-04-03
CentOS Web Panel (CWP) 0.9.8.789 is vulnerable to Stored/Persistent XSS for the "Name Server 1" and "Name Server 2" fields via a "DNS Functions" "Edit Nameservers IPs" action.
Source: NVD
CVE-2019-10893 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | PoC | v0.9.8.753, v0.9.8.793 | 2019-04-18
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (Pro) are vulnerable to Stored/Persistent XSS for Admin Email fields on the "CWP Settings" > "Edit Settings" screen. By changing the email ID to any XSS Payload and clicking on Save Changes, the XSS Payload will execute.
Source: NVD
CVE-2019-14246 | P3 | MEDIUM | CVSS 6.5 | CWE-639 | v0.9.8.851 | 2019-08-21
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account.
Source: NVD
CVE-2019-14245 | P3 | MEDIUM | CVSS 6.5 | CWE-639 | v0.9.8.851 | 2019-08-21
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account.
Source: NVD