cvebase

Control-Webpanel Webpanel vulnerabilities

82 known vulnerabilities affecting control-webpanel/webpanel.

Total CVEs: 82
CISA KEV: 2 (actively exploited)
Public exploits: 15
Exploited in wild: 3
Severity breakdown: CRITICAL 34, HIGH 23, MEDIUM 25

Vulnerabilities

Page 2 of 5
CVE-2020-15614 | P2 | CRITICAL | CVSS 9.8 | v0.9.8.923 | 2020-07-28
CWE-78: This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the cha parameter, the process does not properly validate a user-supplied string before us
Source: NVD
CVE-2020-15432 | P2 | CRITICAL | CVSS 9.8 | v0.9.8.923 | 2020-07-28
CWE-78: This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_migration_cpanel.php. When parsing the filespace parameter, the process does not properly validate a user-supplied st
Source: NVD
CVE-2020-15608 | P2 | CRITICAL | CVSS 9.8 | v0.9.8.923 | 2020-07-28
CWE-78: This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the ai_service parameter, the process does not properly validate a user-supplied string b
Source: NVD
CVE-2020-15429 | P2 | CRITICAL | CVSS 9.8 | v0.9.8.923 | 2020-07-28
CWE-78: This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the user parameter, the process does not properly validate a user-supplied string before usin
Source: NVD
CVE-2020-15430 | P2 | CRITICAL | CVSS 9.8 | v0.9.8.923 | 2020-07-28
CWE-78: This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the username parameter, the process does not properly validate a user-supplied string
Source: NVD
CVE-2020-15607 | P2 | CRITICAL | CVSS 9.8 | v0.9.8.923 | 2020-07-28
CWE-78: This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. When parsing the line parameter, the process does not properly validate a user-supplied string before
Source: NVD
CVE-2020-15420 | P2 | CRITICAL | CVSS 9.8 | v0.9.8.891 | 2020-07-28
CWE-78: This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-el7-0.9.8.891. Authentication is not required to exploit this vulnerability. The specific flaw exists within loader_ajax.php. When parsing the line parameter, the process does not properly validate a user-supplied string before usi
Source: NVD
CVE-2020-15428 | P2 | CRITICAL | CVSS 9.8 | v0.9.8.923 | 2020-07-28
CWE-78: This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the line parameter, the process does not properly validate a user-supplied string before usin
Source: NVD
CVE-2020-15424 | P2 | CRITICAL | CVSS 9.8 | v0.9.8.923 | 2020-07-28
CWE-78: This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the domain parameter, the process does not properly validate a user-supplied string be
Source: NVD
CVE-2020-15431 | P2 | CRITICAL | CVSS 9.8 | v0.9.8.923 | 2020-07-28
CWE-78: This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the user parameter, the process does not properly validate a user-supplied string before usin
Source: NVD
CVE-2020-15613 | P2 | CRITICAL | CVSS 9.8 | v0.9.8.923 | 2020-07-28
CWE-78: This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. When parsing the line parameter, the process does not properly validate a user-supplied string before
Source: NVD
CVE-2018-18772 | P3 | HIGH | CVSS 8.8 | PoC | ≤ 0.9.8.740 | 2018-11-20
CWE-352: CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command.
Source: NVD
CVE-2018-18773 | P3 | HIGH | CVSS 8.8 | PoC | ≤ 0.9.8.740 | 2018-11-20
CWE-352: CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.
Source: NVD
CVE-2022-25046 | P2 | CRITICAL | CVSS 9.8 | ≤ 0.9.8.1124 | 2022-07-07
CWE-22: A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request.
Source: NVD
CVE-2020-15623 | P2 | CRITICAL | CVSS 9.8 | v0.9.8.923 | 2020-07-28
CWE-749: This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the archivo parameter, the process does not properly validate a user-supplied path pri
Source: NVD
CVE-2023-42121 | P2 | CRITICAL | CVSS 9.8 | v0.9.8.1152 | 2024-05-03
CWE-306: Control Web Panel Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of authentication within the web interfa
Source: NVD
CVE-2022-25048 | P2 | HIGH | CVSS 8.8 | v0.9.8.1126 | 2022-07-07
CWE-78: Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root user.
Source: NVD
CVE-2020-15615 | P2 | CRITICAL | CVSS 9.8 | v0.9.8.923 | 2020-07-28
CWE-78: This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_ftp_manager.php. The issue results from the lack of proper validation of a user-supplied string before using it to ex
Source: NVD
CVE-2020-15425 | P2 | CRITICAL | CVSS 9.8 | v0.9.8.923 | 2020-07-28
CWE-78: This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. The issue results from the lack of proper validation of a user-supplied string before using it to e
Source: NVD
CVE-2020-15606 | P2 | CRITICAL | CVSS 9.8 | v0.9.8.923 | 2020-07-28
CWE-78: This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. The issue results from the lack of proper validation of a user-supplied string before using it to exe
Source: NVD