VYPR

Cwp

by Control By Web

CVEs (4)

  • CVE-2022-44877KEVJan 5, 2023
    risk 0.23cvss epss 1.00

    login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.

  • CVE-2018-18772Nov 20, 2018
    risk 0.03cvss epss 0.03

    CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command.

  • CVE-2022-25048Jul 7, 2022
    risk 0.01cvss epss 0.18

    Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root user.

  • CVE-2022-25046Jul 7, 2022
    risk 0.00cvss epss 0.45

    A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request.