Control-Webpanel Webpanel vulnerabilities
82 known vulnerabilities affecting control-webpanel/webpanel.
Total CVEs
82
CISA KEV
2
actively exploited
Public exploits
15
Exploited in wild
3
Severity breakdown
CRITICAL34HIGH23MEDIUM25
Vulnerabilities
Page 4 of 5
CVE-2019-13477P3HIGHCVSS 8.8v0.9.8.8372019-08-21
CVE-2019-13477 [HIGH] CWE-352 CVE-2019-13477: In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function al
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function allows an attacker to change the password for the root account.
nvd
CVE-2019-14724P3HIGHCVSS 7.5v0.9.8.8512019-09-11
CVE-2019-14724 [HIGH] CWE-639 CVE-2019-14724: In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account.
nvd
CVE-2019-14721P3MEDIUMCVSS 6.5v0.9.8.8512019-09-10
CVE-2019-14721 [MEDIUM] CWE-639 CVE-2019-14721: In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account.
nvd
CVE-2019-15235P3MEDIUMCVSS 6.5≥ 0.9.8.856, ≤ 0.9.8.8642019-12-17
CVE-2019-15235 [MEDIUM] CVE-2019-15235: CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's sessio
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to gain access to the victim's password (for the OS and phpMyAdmin) via an attacker account. This is different from C
nvd
CVE-2019-14782P3MEDIUMCVSS 6.5≥ 0.9.8.856, ≤ 0.9.8.8642019-12-17
CVE-2019-14782 [MEDIUM] CWE-532 CVE-2019-14782: CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to make a request to extract the victim's password (for the OS and phpMyAdmin) via an attacker account.
nvd
CVE-2019-13476P4MEDIUMCVSS 5.4v0.9.8.8372019-08-21
CVE-2019-13476 [MEDIUM] CWE-79 CVE-2019-13476: In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a lo
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page.
nvd
CVE-2022-25047P4MEDIUMCVSS 5.9v0.9.8.11262022-07-07
CVE-2022-25047 [MEDIUM] CWE-330 CVE-2022-25047: The password reset token in CWP v0.9.8.1126 is generated using known or predictable values.
The password reset token in CWP v0.9.8.1126 is generated using known or predictable values.
nvd
CVE-2019-12190P4MEDIUMCVSS 5.4≤ 0.9.8.7472019-05-21
CVE-2019-12190 [MEDIUM] CWE-79 CVE-2019-12190: XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testa
XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter.
nvd
CVE-2019-13599P4MEDIUMCVSS 5.3v0.9.8.8482019-08-21
CVE-2019-13599 [MEDIUM] CWE-203 CVE-2019-13599: In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to c
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times.
nvd
CVE-2019-14726P4MEDIUMCVSS 5.4v0.9.8.8512019-09-10
CVE-2019-14726 [MEDIUM] CVE-2019-14726: In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim's account via an attacker account.
nvd
CVE-2018-5962P4MEDIUMCVSS 6.1≤ 0.9.8.122018-01-22
CVE-2018-5962 [MEDIUM] CWE-79 CVE-2018-5962: index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id par
index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module.
nvd
CVE-2018-5961P4MEDIUMCVSS 6.1≤ 0.9.8.122018-01-22
CVE-2018-5961 [MEDIUM] CWE-79 CVE-2018-5961: CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of t
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file.
nvd
CVE-2019-13387P4MEDIUMCVSS 6.1v0.9.8.8462019-07-26
CVE-2019-13387 [MEDIUM] CWE-79 CVE-2019-13387: In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected XSS in filemanager2.php (para
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected XSS in filemanager2.php (parameter fm_current_dir) allows attackers to steal a cookie or session, or redirect to a phishing website.
nvd
CVE-2019-14727P4MEDIUMCVSS 4.3v0.9.8.8512019-09-10
CVE-2019-14727 [MEDIUM] CVE-2019-14727: In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail password of a victim account via an attacker account.
nvd
CVE-2019-14722P4MEDIUMCVSS 4.3v0.9.8.8512019-09-10
CVE-2019-14722 [MEDIUM] CVE-2019-14722: In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account.
nvd
CVE-2019-14723P4MEDIUMCVSS 4.3v0.9.8.8512019-09-10
CVE-2019-14723 [MEDIUM] CVE-2019-14723: In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a victim's e-mail account via an attacker account.
nvd
CVE-2019-14728P4MEDIUMCVSS 4.3v0.9.8.8512019-09-10
CVE-2019-14728 [MEDIUM] CVE-2019-14728: In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim's account via an attacker account.
nvd
CVE-2019-14729P4MEDIUMCVSS 4.3v0.9.8.8512019-09-10
CVE-2019-14729 [MEDIUM] CVE-2019-14729: In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domain from a victim's account via an attacker account.
nvd
CVE-2019-14730P4MEDIUMCVSS 4.3v0.9.8.8512019-09-10
CVE-2019-14730 [MEDIUM] CVE-2019-14730: In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account.
nvd
CVE-2019-13385P4MEDIUMCVSS 4.3v0.9.8.8402019-07-26
CVE-2019-13385 [MEDIUM] CWE-22 CVE-2019-13385: In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log.
nvd