VYPR
Vendor: Centos Web Panel

Products: 2
CVEs: 82
Across products: 90
Status: Private

Recent CVEs

  • CVE-2018-5961 | Med | Jan 22, 2018
    risk 0.40 | cvss 6.1 | epss 0.03

    CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file.

  • CVE-2025-48703 | KEV | Sep 19, 2025
    risk 0.18 | cvss - | epss 1.00

    CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.

  • CVE-2018-18323 | Oct 15, 2018
    risk 0.09 | cvss - | epss 0.71

    CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../ URI.

  • CVE-2021-31324 | May 18, 2021
    risk 0.07 | cvss - | epss 0.34

    The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root Remote Code Execution.

  • CVE-2021-31316 | May 18, 2021
    risk 0.05 | cvss - | epss 0.13

    The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter.

  • CVE-2020-10230 | Mar 16, 2020
    risk 0.05 | cvss - | epss 0.15

    CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter.

  • CVE-2019-13360 | Jul 16, 2019
    risk 0.05 | cvss - | epss 0.24

    In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username.

  • CVE-2019-13383 | Jul 16, 2019
    risk 0.05 | cvss - | epss 0.14

    In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response.

  • CVE-2019-13359 | Jul 16, 2019
    risk 0.04 | cvss - | epss 0.26

    In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.

  • CVE-2018-18322 | Oct 15, 2018
    risk 0.04 | cvss - | epss 0.15

    CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php service_start, service_restart, service_fullstatus, or service_stop parameter.

  • CVE-2020-15609 | Jul 28, 2020
    risk 0.03 | cvss - | epss 0.08

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the service_stop…

  • CVE-2019-13605 | Jul 16, 2019
    risk 0.03 | cvss - | epss 0.15

    In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is…

  • CVE-2019-11429 | May 13, 2019
    risk 0.03 | cvss - | epss 0.06

    CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions" > "Add DNS Zone" screen.

  • CVE-2019-10893 | Apr 18, 2019
    risk 0.03 | cvss - | epss 0.03

    CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (Pro) is vulnerable to Stored/Persistent XSS for Admin Email fields on the "CWP Settings" > "Edit Settings" screen. By changing the email ID to any XSS Payload and clicking on Save…

  • CVE-2019-10261 | Apr 3, 2019
    risk 0.03 | cvss - | epss 0.02

    CentOS Web Panel (CWP) 0.9.8.789 is vulnerable to Stored/Persistent XSS for the "Name Server 1" and "Name Server 2" fields via a "DNS Functions" "Edit Nameservers IPs" action.

  • CVE-2019-7646 | Mar 26, 2019
    risk 0.03 | cvss - | epss 0.07

    CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter.

  • CVE-2018-18774 | Nov 20, 2018
    risk 0.03 | cvss - | epss 0.05

    CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter.

  • CVE-2018-18772 | Nov 20, 2018
    risk 0.03 | cvss - | epss 0.03

    CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command.

  • CVE-2018-18773 | Nov 20, 2018
    risk 0.03 | cvss - | epss 0.03

    CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.

  • CVE-2018-18324 | Oct 15, 2018
    risk 0.03 | cvss - | epss 0.03

    CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the admin/index.php module, service_start, service_fullstatus, service_restart, service_stop, or file (within the file_editor) parameter.