cvebase

Control-Webpanel Webpanel vulnerabilities

82 known vulnerabilities affecting control-webpanel/webpanel.

Total CVEs: 82
CISA KEV: 2 (actively exploited)
Public exploits: 15
Exploited in wild: 3
Severity breakdown: CRITICAL 34, HIGH 23, MEDIUM 25

Vulnerabilities

Page 3 of 5
CVE-2023-42120 | P2 | HIGH | CVSS 8.8 | v0.9.8.1152 | 2024-05-03
CWE-78: Control Web Panel dns_zone_editor Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is required to exploit this vulnerability. The specific flaw exists within the dns_zone_editor module. The issue results from the la
nvd
CVE-2023-42123 | P2 | HIGH | CVSS 8.8 | v0.9.8.1152 | 2024-05-03
CWE-78: Control Web Panel mysql_manager Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is required to exploit this vulnerability. The specific flaw exists within the mysql_manager module. The issue results from the lack o
nvd
CVE-2019-13383 | P3 | MEDIUM | CVSS 5.3 | PoC | v0.9.8.836 | 2019-07-16
CWE-203: In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response.
nvd
CVE-2018-18774 | P3 | MEDIUM | CVSS 6.1 | PoC | ≤ 0.9.8.740 | 2018-11-20
CWE-79: CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter.
nvd
CVE-2018-18324 | P3 | MEDIUM | CVSS 6.1 | PoC | v0.9.8.480 | 2018-10-15
CWE-79: CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the admin/index.php module, service_start, service_fullstatus, service_restart, service_stop, or file (within the file_editor) parameter.
nvd
CVE-2020-15624 | P3 | HIGH | CVSS 7.5 | v0.9.8.923 | 2020-07-28
CWE-89: This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_new_account.php. When parsing the domain parameter, the process does not properly validate a user-supplied string
nvd
CVE-2020-15616 | P3 | HIGH | CVSS 7.5 | v0.9.8.923 | 2020-07-28
CWE-89: This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the package parameter, the process does not properly validate a user-supplied str
nvd
CVE-2020-15622 | P3 | HIGH | CVSS 7.5 | v0.9.8.923 | 2020-07-28
CWE-89: This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the search parameter, the process does not properly validate a user-supplied str
nvd
CVE-2020-15621 | P3 | HIGH | CVSS 7.5 | v0.9.8.923 | 2020-07-28
CWE-89: This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the email parameter, the process does not properly validate a user-supplied stri
nvd
CVE-2020-15627 | P3 | HIGH | CVSS 7.5 | v0.9.8.923 | 2020-07-28
CWE-89: This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the account parameter, the process does not properly validate a user-supplied st
nvd
CVE-2020-15618 | P3 | HIGH | CVSS 7.5 | v0.9.8.923 | 2020-07-28
CWE-89: This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the username parameter, the process does not properly validate a user-supplied st
nvd
CVE-2020-15625 | P3 | HIGH | CVSS 7.5 | v0.9.8.923 | 2020-07-28
CWE-89: This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_add_mailbox.php. When parsing the username parameter, the process does not properly validate a user-supplied stri
nvd
CVE-2020-15626 | P3 | HIGH | CVSS 7.5 | v0.9.8.923 | 2020-07-28
CWE-89: This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the term parameter, the process does not properly validate a user-supplied string bef
nvd
CVE-2020-15617 | P3 | HIGH | CVSS 7.5 | v0.9.8.923 | 2020-07-28
CWE-89: This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the status parameter, the process does not properly validate a user-supplied stri
nvd
CVE-2020-15619 | P3 | HIGH | CVSS 7.5 | v0.9.8.923 | 2020-07-28
CWE-89: This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the type parameter, the process does not properly validate a user-supplied string
nvd
CVE-2019-7646 | P4 | MEDIUM | CVSS 4.8 | PoC | ≤ 0.9.8.763 | 2019-03-26
CWE-79: CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter.
nvd
CVE-2020-15628 | P3 | HIGH | CVSS 7.5 | v0.9.8.923 | 2020-07-28
CWE-89: This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the user parameter, the process does not properly validate a user-supplied strin
nvd
CVE-2020-15620 | P3 | HIGH | CVSS 7.5 | v0.9.8.923 | 2020-07-28
CWE-89: This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the id parameter, the process does not properly validate a user-supplied string b
nvd
CVE-2019-11429 | P4 | MEDIUM | CVSS 4.8 | PoC | v0.9.8.753, v0.9.8.793, +1 more | 2019-05-13
CWE-79: CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions" > "Add DNS Zone" screen.
nvd
CVE-2023-42122 | P3 | HIGH | CVSS 7.8 | v0.9.8.1152 | 2024-05-03
CWE-78: Control Web Panel wloggui Command Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Control Web Panel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw ex
nvd