VYPR

CentOS Web Panel

by Centos

CVEs (10)

  • CVE-2022-44877CriKEVJan 5, 2023
    risk 0.87cvss 9.8epss 1.00

    login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.

  • CVE-2021-31316CriMay 18, 2021
    risk 0.65cvss 9.8epss 0.13

    The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter.

  • CVE-2020-15613CriJul 28, 2020
    risk 0.64cvss 9.8epss 0.08

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. When parsing the line…

  • CVE-2020-15420CriJul 28, 2020
    risk 0.64cvss 9.8epss 0.08

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-el7-0.9.8.891. Authentication is not required to exploit this vulnerability. The specific flaw exists within loader_ajax.php. When parsing the line parameter,…

  • CVE-2020-15627HigJul 28, 2020
    risk 0.49cvss 7.5epss 0.04

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the…

  • CVE-2020-15625HigJul 28, 2020
    risk 0.49cvss 7.5epss 0.04

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_add_mailbox.php. When parsing the…

  • CVE-2020-15620HigJul 28, 2020
    risk 0.49cvss 7.5epss 0.04

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the id…

  • CVE-2020-15619HigJul 28, 2020
    risk 0.49cvss 7.5epss 0.04

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the…

  • CVE-2020-15617HigJul 28, 2020
    risk 0.49cvss 7.5epss 0.04

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the…

  • CVE-2020-15616HigJul 28, 2020
    risk 0.49cvss 7.5epss 0.04

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the…