Vulnerabilities > Control Webpanel > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-28 | CVE-2020-15617 | SQL Injection vulnerability in Control-Webpanel Webpanel 0.9.8.923. This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. | 7.5 |
2020-07-28 | CVE-2020-15616 | SQL Injection vulnerability in Control-Webpanel Webpanel 0.9.8.923. This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. | 7.5 |
2019-09-11 | CVE-2019-14724 | Authorization Bypass Through User-Controlled Key vulnerability in Control-Webpanel Webpanel 0.9.8.851. In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account. | 7.5 |
2019-08-21 | CVE-2019-13477 | Cross-Site Request Forgery (CSRF) vulnerability in Control-Webpanel Webpanel 0.9.8.837. In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function allows an attacker to change the password for the root account. | 8.8 |
2019-07-16 | CVE-2019-13359 | Unrestricted Upload of File with Dangerous Type vulnerability in Control-Webpanel Webpanel 0.9.8.836. In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user. | 7.5 |
2019-07-16 | CVE-2019-13605 | Authorization Bypass Through User-Controlled Key vulnerability in Control-Webpanel Webpanel 0.9.8.836. In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. | 8.8 |
2018-11-20 | CVE-2018-18773 | Cross-Site Request Forgery (CSRF) vulnerability in Control-Webpanel Webpanel. CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password. | 8.8 |
2018-11-20 | CVE-2018-18772 | Cross-Site Request Forgery (CSRF) vulnerability in Control-Webpanel Webpanel. CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command. | 8.8 |
2018-10-15 | CVE-2018-18323 | Path Traversal vulnerability in Control-Webpanel Webpanel 0.9.8.480. CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../ URI. | 7.5 |