Vulnerabilities > Control Webpanel

DATE CVE VULNERABILITY TITLE RISK
2020-07-28 CVE-2020-15425 OS Command Injection vulnerability in Control-Webpanel Webpanel 0.9.8.923
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923.
network
low complexity
control-webpanel CWE-78
critical
9.8
2020-07-28 CVE-2020-15424 OS Command Injection vulnerability in Control-Webpanel Webpanel 0.9.8.923
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923.
network
low complexity
control-webpanel CWE-78
critical
9.8
2020-07-28 CVE-2020-15423 OS Command Injection vulnerability in Control-Webpanel Webpanel 0.9.8.923
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923.
network
low complexity
control-webpanel CWE-78
critical
9.8
2020-07-28 CVE-2020-15422 OS Command Injection vulnerability in Control-Webpanel Webpanel 0.9.8.923
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923.
network
low complexity
control-webpanel CWE-78
critical
9.8
2020-07-28 CVE-2020-15421 OS Command Injection vulnerability in Control-Webpanel Webpanel 0.9.8.923
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923.
network
low complexity
control-webpanel CWE-78
critical
9.8
2020-07-28 CVE-2020-15420 OS Command Injection vulnerability in Control-Webpanel Webpanel 0.9.8.891
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-el7-0.9.8.891.
network
low complexity
control-webpanel CWE-78
critical
9.8
2020-03-16 CVE-2020-10230 SQL Injection vulnerability in Control-Webpanel Webpanel
CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter.
network
low complexity
control-webpanel CWE-89
critical
9.8
2019-12-17 CVE-2019-15235 Information Exposure Through Log Files vulnerability in Control-Webpanel Webpanel
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to gain access to the victim's password (for the OS and phpMyAdmin) via an attacker account.
network
low complexity
control-webpanel CWE-532
6.5
2019-12-17 CVE-2019-14782 Information Exposure Through Log Files vulnerability in Control-Webpanel Webpanel
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to make a request to extract the victim's password (for the OS and phpMyAdmin) via an attacker account.
network
low complexity
control-webpanel CWE-532
6.5
2019-10-31 CVE-2019-16295 Cross-site Scripting vulnerability in Control-Webpanel Webpanel 0.9.8.855
Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter.
local
low complexity
control-webpanel CWE-79
4.6