Control-webpanel

Webpanel

85 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 2.06%
  • Published 28.07.2020 17:15:12
  • Last modified 21.11.2024 05:05:31

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-el7-0.9.8.891. Authentication is not required to exploit this vulnerability. The specific flaw exists within loader_ajax.php. When ...

Exploit
  • EPSS 28.9%
  • Published 16.03.2020 16:15:13
  • Last modified 21.11.2024 04:55:00

CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter.

Exploit
  • EPSS 0.42%
  • Published 17.12.2019 16:15:12
  • Last modified 21.11.2024 04:27:20

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to make a re...

Exploit
  • EPSS 0.42%
  • Published 17.12.2019 16:15:12
  • Last modified 21.11.2024 04:28:15

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to gain ...

Exploit
  • EPSS 0.08%
  • Published 31.10.2019 21:15:13
  • Last modified 21.11.2024 04:30:28

Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. This can be exploited by a local attacker who supplies a crafted filename within a directory visited by the victim.

  • EPSS 0.21%
  • Published 11.09.2019 12:15:12
  • Last modified 21.11.2024 04:27:13

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account.

  • EPSS 9.68%
  • Published 11.09.2019 12:15:12
  • Last modified 21.11.2024 04:27:13

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account.

  • EPSS 0.58%
  • Published 10.09.2019 16:15:12
  • Last modified 21.11.2024 04:27:14

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account.

  • EPSS 0.58%
  • Published 10.09.2019 16:15:12
  • Last modified 21.11.2024 04:27:14

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domain from a victim's account via an attacker account.

  • EPSS 0.58%
  • Published 10.09.2019 16:15:12
  • Last modified 21.11.2024 04:27:13

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim's account via an attacker account.