Vulnerabilities > MGT Commerce

DATE CVE VULNERABILITY TITLE RISK
2024-06-14 CVE-2024-24320 Path Traversal vulnerability in Mgt-Commerce Cloudpanel
Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function.
network
low complexity
mgt-commerce CWE-22
8.8
2023-12-08 CVE-2023-46157 OS Command Injection vulnerability in Mgt-Commerce Cloudpanel
File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755.
network
low complexity
mgt-commerce CWE-78
8.8
2023-06-25 CVE-2023-36630 Unrestricted Upload of File with Dangerous Type vulnerability in Mgt-Commerce Cloudpanel
In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass.
network
low complexity
mgt-commerce CWE-434
8.8
2023-06-20 CVE-2023-35885 Reliance on Cookies without Validation and Integrity Checking vulnerability in Mgt-Commerce Cloudpanel
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.
network
low complexity
mgt-commerce CWE-565
critical
9.8
2023-06-06 CVE-2023-33747 Path Traversal vulnerability in Mgt-Commerce Cloudpanel
CloudPanel v2.2.2 allows attackers to execute a path traversal.
local
low complexity
mgt-commerce CWE-22
7.8
2023-03-21 CVE-2023-0391 Use of Hard-coded Credentials vulnerability in Mgt-Commerce Cloudpanel
MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel.
network
high complexity
mgt-commerce CWE-798
8.1