Vulnerabilities > Control Webpanel > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-10 | CVE-2019-14723 | Unspecified vulnerability in Control-Webpanel Webpanel 0.9.8.851 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a victim's e-mail account via an attacker account. | 4.3 |
| 2019-09-10 | CVE-2019-14722 | Unspecified vulnerability in Control-Webpanel Webpanel 0.9.8.851 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account. | 4.3 |
| 2019-09-10 | CVE-2019-14721 | Authorization Bypass Through User-Controlled Key vulnerability in Control-Webpanel Webpanel 0.9.8.851 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account. | 6.5 |
| 2019-08-21 | CVE-2019-13476 | Cross-site Scripting vulnerability in Control-Webpanel Webpanel 0.9.8.837 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page. | 5.4 |
| 2019-08-21 | CVE-2019-13599 | Information Exposure Through Discrepancy vulnerability in Control-Webpanel Webpanel 0.9.8.848 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times. | 5.3 |
| 2019-07-26 | CVE-2019-13387 | Cross-site Scripting vulnerability in Control-Webpanel Webpanel 0.9.8.846 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected XSS in filemanager2.php (parameter fm_current_dir) allows attackers to steal a cookie or session, or redirect to a phishing website. | 6.1 |
| 2019-07-26 | CVE-2019-13385 | Path Traversal vulnerability in Control-Webpanel Webpanel 0.9.8.840 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log. | 4.3 |
| 2019-07-16 | CVE-2019-13383 | Information Exposure Through Discrepancy vulnerability in Control-Webpanel Webpanel 0.9.8.836 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response. | 5.3 |
| 2019-05-21 | CVE-2019-12190 | Cross-site Scripting vulnerability in Control-Webpanel Webpanel XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter. | 5.4 |
| 2019-05-13 | CVE-2019-11429 | Cross-site Scripting vulnerability in Control-Webpanel Webpanel 0.9.8.753/0.9.8.793/0.9.8.807 CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions > "Add DNS Zone" screen. | 4.8 |