Vulnerabilities > MGT Commerce
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-14 | CVE-2024-24320 | Path Traversal vulnerability in Mgt-Commerce Cloudpanel Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function. | 8.8 |
2023-12-08 | CVE-2023-46157 | OS Command Injection vulnerability in Mgt-Commerce Cloudpanel File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755. | 8.8 |
2023-06-25 | CVE-2023-36630 | Unrestricted Upload of File with Dangerous Type vulnerability in Mgt-Commerce Cloudpanel In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass. | 8.8 |
2023-06-20 | CVE-2023-35885 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Mgt-Commerce Cloudpanel CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. | 9.8 |
2023-06-06 | CVE-2023-33747 | Path Traversal vulnerability in Mgt-Commerce Cloudpanel CloudPanel v2.2.2 allows attackers to execute a path traversal. | 7.8 |
2023-03-21 | CVE-2023-0391 | Use of Hard-coded Credentials vulnerability in Mgt-Commerce Cloudpanel MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. | 8.1 |