Zpanel Project Zpanel vulnerabilities
3 known vulnerabilities affecting zpanel_project/zpanel.
Total CVEs
3
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
HIGH3
Vulnerabilities
Page 1 of 1
CVE-2013-10053P2HIGHCVSS 8.7PoC≤ 10.0.0.22025-08-01
CVE-2013-10053 [HIGH] CWE-78 CVE-2013-10053: A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. W
A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername field is passed unsanitized to a system() call that invokes the system’s htpasswd binary. By injecting shell metacharacters into the username field, an authenticated attacker can execute arbitrary system com
nvd
CVE-2013-2097P2HIGHCVSS 7.8PoCv10.1.02020-02-12
CVE-2013-2097 [HIGH] CVE-2013-2097: ZPanel through 10.1.0 has Remote Command Execution
ZPanel through 10.1.0 has Remote Command Execution
nvd
CVE-2013-10052P3HIGHCVSS 8.5PoCv*2025-08-04
CVE-2013-10052 [HIGH] CWE-269 CVE-2013-10052: ZPanel includes a helper binary named zsudo, intended to allow restricted privilege escalation for a
ZPanel includes a helper binary named zsudo, intended to allow restricted privilege escalation for administrative tasks. However, when misconfigured in /etc/sudoers, zsudo can be invoked by low-privileged users to execute arbitrary commands as root. This flaw enables local attackers with shell access to escalate privileges by writing a payload to a wr
nvd