VYPR

Control Web Panel

by CWP

CVEs (3)

  • CVE-2022-44877CriKEVJan 5, 2023
    risk 0.87cvss 9.8epss 1.00

    login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.

  • CVE-2021-45467CriDec 26, 2022
    risk 0.69cvss 9.8epss 0.71

    In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/account_new_create&acc=guadaapi…

  • CVE-2021-45466CriDec 26, 2022
    risk 0.68cvss 9.8epss 0.55

    In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder.