Control-webpanel

Webpanel

85 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9

CVE-2025-48703

Warnung Exploit
  • EPSS 39.88%
  • Veröffentlicht 19.09.2025 00:00:00
  • Zuletzt bearbeitet 05.11.2025 14:07:33

CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.

8.8

CVE-2023-42123

  • EPSS 1.27%
  • Veröffentlicht 03.05.2024 03:15:51
  • Zuletzt bearbeitet 09.08.2025 01:33:55

Control Web Panel mysql_manager Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is required to exploit this vul...

7.8

CVE-2023-42122

  • EPSS 0.17%
  • Veröffentlicht 03.05.2024 03:15:51
  • Zuletzt bearbeitet 09.08.2025 01:29:57

Control Web Panel wloggui Command Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Control Web Panel. An attacker must first obtain the ability to execut...

9.8

CVE-2023-42121

  • EPSS 1.17%
  • Veröffentlicht 03.05.2024 03:15:51
  • Zuletzt bearbeitet 09.08.2025 01:29:18

Control Web Panel Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is not required to exploit this vulnerab...

8.8

CVE-2023-42120

  • EPSS 1.77%
  • Veröffentlicht 03.05.2024 03:15:50
  • Zuletzt bearbeitet 09.08.2025 01:28:30

Control Web Panel dns_zone_editor Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is required to exploit this v...

9.8

CVE-2022-44877

Warnung Exploit
  • EPSS 94.46%
  • Veröffentlicht 05.01.2023 23:15:09
  • Zuletzt bearbeitet 03.11.2025 18:54:56

login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.

9.8

CVE-2021-45466

Exploit
  • EPSS 4.21%
  • Veröffentlicht 26.12.2022 05:15:10
  • Zuletzt bearbeitet 14.04.2025 16:15:18

In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder.

9.8

CVE-2021-45467

Exploit
  • EPSS 84.07%
  • Veröffentlicht 26.12.2022 05:15:10
  • Zuletzt bearbeitet 12.04.2025 01:15:14

In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/accou...

9

CVE-2022-25048

Exploit
  • EPSS 16.2%
  • Veröffentlicht 07.07.2022 12:15:09
  • Zuletzt bearbeitet 21.11.2024 06:51:35

Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root user.

5.9

CVE-2022-25047

Exploit
  • EPSS 0.35%
  • Veröffentlicht 07.07.2022 12:15:09
  • Zuletzt bearbeitet 21.11.2024 06:51:35

The password reset token in CWP v0.9.8.1126 is generated using known or predictable values.