Vulnerabilities > Control Webpanel > Webpanel > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-28 | CVE-2020-15614 | OS Command Injection vulnerability in Control-Webpanel Webpanel 0.9.8.923 This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. | 9.8 |
| 2020-07-28 | CVE-2020-15615 | OS Command Injection vulnerability in Control-Webpanel Webpanel 0.9.8.923 This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. | 9.8 |
| 2020-07-28 | CVE-2020-15623 | Exposed Dangerous Method or Function vulnerability in Control-Webpanel Webpanel 0.9.8.923 This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. | 9.8 |
| 2020-03-16 | CVE-2020-10230 | SQL Injection vulnerability in Control-Webpanel Webpanel CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter. | 9.8 |
| 2019-07-16 | CVE-2019-13360 | Authorization Bypass Through User-Controlled Key vulnerability in Control-Webpanel Webpanel 0.9.8.836 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username. | 9.8 |
| 2018-10-15 | CVE-2018-18322 | OS Command Injection vulnerability in Control-Webpanel Webpanel 0.9.8.480 CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php service_start, service_restart, service_fullstatus, or service_stop parameter. | 9.8 |