Vulnerabilities > Control Webpanel > Webpanel > 0.9.8.359
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-05 | CVE-2022-44877 | OS Command Injection vulnerability in Control-Webpanel Webpanel login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. | 9.8 |
| 2022-12-26 | CVE-2021-45466 | Incorrect Authorization vulnerability in Control-Webpanel Webpanel In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder. | 9.8 |
| 2022-12-26 | CVE-2021-45467 | Unspecified vulnerability in Control-Webpanel Webpanel In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/account_new_create&acc=guadaapi URI. | 9.8 |
| 2022-07-07 | CVE-2022-25046 | Path Traversal vulnerability in Control-Webpanel Webpanel A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request. | 9.8 |
| 2019-05-21 | CVE-2019-12190 | Cross-site Scripting vulnerability in Control-Webpanel Webpanel XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter. | 5.4 |
| 2019-03-26 | CVE-2019-7646 | Cross-site Scripting vulnerability in Control-Webpanel Webpanel CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter. | 4.8 |
| 2018-11-20 | CVE-2018-18774 | Cross-site Scripting vulnerability in Control-Webpanel Webpanel CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter. | 6.1 |
| 2018-11-20 | CVE-2018-18773 | Cross-Site Request Forgery (CSRF) vulnerability in Control-Webpanel Webpanel CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password. | 8.8 |
| 2018-11-20 | CVE-2018-18772 | Cross-Site Request Forgery (CSRF) vulnerability in Control-Webpanel Webpanel CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command. | 8.8 |