Vulnerabilities > Centos Webpanel

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2020-07-28 | CVE-2020-15609 | OS Command Injection vulnerability in Centos-Webpanel Centos web Panel 17.0.9.8.923 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. | network, low complexity, centos-webpanel, CWE-78, critical, 10.0 |
| 2019-08-21 | CVE-2019-14246 | Authorization Bypass Through User-Controlled Key vulnerability in Centos-Webpanel Centos web Panel 0.9.8.851 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account. | network, low complexity, centos-webpanel, CWE-639, 6.5 |
| 2019-08-21 | CVE-2019-14245 | Authorization Bypass Through User-Controlled Key vulnerability in Centos-Webpanel Centos web Panel 0.9.8.851 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account. | network, low complexity, centos-webpanel, CWE-639, 6.5 |
| 2019-07-26 | CVE-2019-13386 | Incorrect Authorization vulnerability in Centos-Webpanel Centos web Panel 0.9.8.846 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege. | network, low complexity, centos-webpanel, CWE-863, 8.8 |
| 2019-04-18 | CVE-2019-10893 | Cross-site Scripting vulnerability in Centos-Webpanel Centos web Panel 0.9.8.753/0.9.8.793 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (Pro) is vulnerable to Stored/Persistent XSS for Admin Email fields on the "CWP Settings > "Edit Settings" screen. | 3.5 |
| 2019-04-03 | CVE-2019-10261 | Cross-site Scripting vulnerability in Centos-Webpanel Centos web Panel 0.9.8.789 | CentOS Web Panel (CWP) 0.9.8.789 is vulnerable to Stored/Persistent XSS for the "Name Server 1" and "Name Server 2" fields via a "DNS Functions" "Edit Nameservers IPs" action. | 3.5 |