VYPR

Panel

by Ctrlpanel Gg

CVEs (7)

  • CVE-2026-34234 | Critical | May 19, 2026
    risk 0.65 | CVSS 10.0 | EPSS 0.01

    CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer (public/installer/index.php) is vulnerable to unauthenticated Remote Code Execution (RCE) because it performs the install.lock check only after including and…

  • CVE-2026-34241 | High | May 19, 2026
    risk 0.57 | CVSS 8.7 | EPSS 0.00

    CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability in the ticket reply notification system. Unsanitized reply content ($newmessage) is stored directly in database notification…

  • CVE-2026-34358 | High | May 19, 2026
    risk 0.53 | CVSS 8.1 | EPSS 0.00

    CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write…

  • CVE-2025-25203 | High | Feb 11, 2025
    risk 0.46 | CVSS 8.1 | EPSS 0.00

    CtrlPanel is open-source billing software for hosting providers. Prior to version 1.0, a Cross-Site Scripting (XSS) vulnerability exists in the `TicketsController` and `Moderation/TicketsController` due to insufficient input validation on the `priority` field during ticket…

  • CVE-2026-34216 | Medium | May 19, 2026
    risk 0.43 | CVSS 6.6 | EPSS 0.01

    CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified class name directly from user-supplied request input and used it for dynamic static method calls and object instantiation…

  • CVE-2026-34233 | Medium | May 19, 2026
    risk 0.42 | CVSS 6.5 | EPSS 0.00

    CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, multiple admin controllers expose DataTable endpoints without authorization checks, allowing any authenticated user to access sensitive administrative data that should be restricted to…

  • CVE-2026-34246 | Medium | May 19, 2026
    risk 0.31 | CVSS 4.8 | EPSS 0.00

    CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability in the admin role management interface. In app/Http/Controllers/Admin/RoleController.php, the datatable() method…