Vulnerabilities > Control Webpanel
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-28 | CVE-2020-15425 | OS Command Injection vulnerability in Control-Webpanel Webpanel 0.9.8.923. This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. | 9.8 |
2020-07-28 | CVE-2020-15424 | OS Command Injection vulnerability in Control-Webpanel Webpanel 0.9.8.923. This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. | 9.8 |
2020-07-28 | CVE-2020-15423 | OS Command Injection vulnerability in Control-Webpanel Webpanel 0.9.8.923. This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. | 9.8 |
2020-07-28 | CVE-2020-15422 | OS Command Injection vulnerability in Control-Webpanel Webpanel 0.9.8.923. This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. | 9.8 |
2020-07-28 | CVE-2020-15421 | OS Command Injection vulnerability in Control-Webpanel Webpanel 0.9.8.923. This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. | 9.8 |
2020-07-28 | CVE-2020-15420 | OS Command Injection vulnerability in Control-Webpanel Webpanel 0.9.8.891. This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-el7-0.9.8.891. | 9.8 |
2020-03-16 | CVE-2020-10230 | SQL Injection vulnerability in Control-Webpanel Webpanel. CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter. | 9.8 |
2019-12-17 | CVE-2019-15235 | Information Exposure Through Log Files vulnerability in Control-Webpanel Webpanel 0.9.8.856/0.9.8.864. CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to gain access to the victim's password (for the OS and phpMyAdmin) via an attacker account. | 6.5 |
2019-12-17 | CVE-2019-14782 | Information Exposure Through Log Files vulnerability in Control-Webpanel Webpanel 0.9.8.856/0.9.8.864. CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to make a request to extract the victim's password (for the OS and phpMyAdmin) via an attacker account. | 6.5 |
2019-10-31 | CVE-2019-16295 | Cross-site Scripting vulnerability in Control-Webpanel Webpanel 0.9.8.855. Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. | 4.6 |