0.9.8.1083

DATE	CVE	VULNERABILITY TITLE	RISK
2023-01-05	CVE-2022-44877	OS Command Injection vulnerability in Control-Webpanel Webpanel login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. network low complexity control-webpanel CWE-78 critical	9.8
2022-12-26	CVE-2021-45466	Incorrect Authorization vulnerability in Control-Webpanel Webpanel In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder. network low complexity control-webpanel CWE-863 critical	9.8
2022-12-26	CVE-2021-45467	Unspecified vulnerability in Control-Webpanel Webpanel In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/account_new_create&acc=guadaapi URI. network low complexity control-webpanel critical	9.8
2022-07-07	CVE-2022-25046	Path Traversal vulnerability in Control-Webpanel Webpanel A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request. network low complexity control-webpanel CWE-22 critical	9.8