Vulnerabilities > Control Webpanel

DATE CVE VULNERABILITY TITLE RISK
2019-08-21 CVE-2019-13476 Cross-site Scripting vulnerability in Control-Webpanel Webpanel 0.9.8.837
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page.
network
low complexity
control-webpanel CWE-79
5.4
2019-08-21 CVE-2019-13599 Information Exposure Through Discrepancy vulnerability in Control-Webpanel Webpanel 0.9.8.848
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times.
network
low complexity
control-webpanel CWE-203
5.3
2019-08-21 CVE-2019-13477 Cross-Site Request Forgery (CSRF) vulnerability in Control-Webpanel Webpanel 0.9.8.837
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function allows an attacker to change the password for the root account.
network
low complexity
control-webpanel CWE-352
8.8
2019-07-26 CVE-2019-13387 Cross-site Scripting vulnerability in Control-Webpanel Webpanel 0.9.8.846
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected XSS in filemanager2.php (parameter fm_current_dir) allows attackers to steal a cookie or session, or redirect to a phishing website.
network
low complexity
control-webpanel CWE-79
6.1
2019-07-26 CVE-2019-13385 Path Traversal vulnerability in Control-Webpanel Webpanel 0.9.8.840
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log.
network
low complexity
control-webpanel CWE-22
4.3
2019-07-16 CVE-2019-13359 Unrestricted Upload of File with Dangerous Type vulnerability in Control-Webpanel Webpanel 0.9.8.836
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.
network
high complexity
control-webpanel CWE-434
7.5
2019-07-16 CVE-2019-13605 Authorization Bypass Through User-Controlled Key vulnerability in Control-Webpanel Webpanel 0.9.8.836
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username.
network
low complexity
control-webpanel CWE-639
8.8
2019-07-16 CVE-2019-13383 Information Exposure Through Discrepancy vulnerability in Control-Webpanel Webpanel 0.9.8.836
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response.
network
low complexity
control-webpanel CWE-203
5.3
2019-07-16 CVE-2019-13360 Authorization Bypass Through User-Controlled Key vulnerability in Control-Webpanel Webpanel 0.9.8.836
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username.
network
low complexity
control-webpanel CWE-639
critical
9.8
2019-05-21 CVE-2019-12190 Cross-site Scripting vulnerability in Control-Webpanel Webpanel
XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter.
network
low complexity
control-webpanel CWE-79
5.4