CtrlPanel
by Ctrlpanel Gg
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-34234 | Cri | 0.65 | 10.0 | 0.01 | May 19, 2026 | CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer (public/installer/index.php) is vulnerable to unauthenticated Remote Code Execution (RCE) because it performs the install.lock check only after including and… | ||
| CVE-2025-25203 | Hig | 0.46 | 8.1 | 0.00 | Feb 11, 2025 | CtrlPanel is open-source billing software for hosting providers. Prior to version 1.0, a Cross-Site Scripting (XSS) vulnerability exists in the `TicketsController` and `Moderation/TicketsController` due to insufficient input validation on the `priority` field during ticket… | ||
| CVE-2026-34233 | Med | 0.42 | 6.5 | 0.00 | May 19, 2026 | CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, multiple admin controllers expose DataTable endpoints without authorization checks, allowing any authenticated user to access sensitive administrative data that should be restricted to… |
- risk 0.65cvss 10.0epss 0.01
CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer (public/installer/index.php) is vulnerable to unauthenticated Remote Code Execution (RCE) because it performs the install.lock check only after including and…
- risk 0.46cvss 8.1epss 0.00
CtrlPanel is open-source billing software for hosting providers. Prior to version 1.0, a Cross-Site Scripting (XSS) vulnerability exists in the `TicketsController` and `Moderation/TicketsController` due to insufficient input validation on the `priority` field during ticket…
- risk 0.42cvss 6.5epss 0.00
CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, multiple admin controllers expose DataTable endpoints without authorization checks, allowing any authenticated user to access sensitive administrative data that should be restricted to…