CVE-2024-44765
- EPSS 2.02%
- Veröffentlicht 08.11.2024 19:15:05
- Zuletzt bearbeitet 18.11.2024 14:35:03
An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and administ...
CVE-2024-24320
- EPSS 3.47%
- Veröffentlicht 14.06.2024 18:15:27
- Zuletzt bearbeitet 21.11.2024 08:59:09
Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function.
CVE-2023-46157
- EPSS 0.62%
- Veröffentlicht 08.12.2023 13:15:07
- Zuletzt bearbeitet 21.11.2024 08:28:00
File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755.
CVE-2023-36630
- EPSS 0.09%
- Veröffentlicht 25.06.2023 16:15:09
- Zuletzt bearbeitet 21.11.2024 08:10:07
In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass.
CVE-2023-35885
- EPSS 94.12%
- Veröffentlicht 20.06.2023 20:15:09
- Zuletzt bearbeitet 09.12.2024 19:15:11
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.
CVE-2023-33747
- EPSS 0.14%
- Veröffentlicht 06.06.2023 18:15:11
- Zuletzt bearbeitet 08.01.2025 16:15:31
CloudPanel v2.2.2 allows attackers to execute a path traversal.
CVE-2023-0391
- EPSS 0.12%
- Veröffentlicht 21.03.2023 20:15:11
- Zuletzt bearbeitet 26.02.2025 17:15:14
MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the ...