Vendor CVEs
Centos Web Panel
All CVEs
82 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-5961 | Med | 0.40 | 6.1 | 0.03 | Jan 22, 2018 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file. | ||
| CVE-2025-48703 | 0.18 | — | 1.00 | KEV | Sep 19, 2025 | CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known. | ||
| CVE-2018-18323 | 0.09 | — | 0.71 | Oct 15, 2018 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../ URI. | |||
| CVE-2021-31324 | 0.07 | — | 0.34 | May 18, 2021 | The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root Remote Code Execution. | |||
| CVE-2021-31316 | 0.05 | — | 0.13 | May 18, 2021 | The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter. | |||
| CVE-2020-10230 | 0.05 | — | 0.15 | Mar 16, 2020 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter. | |||
| CVE-2019-13360 | 0.05 | — | 0.24 | Jul 16, 2019 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username. | |||
| CVE-2019-13383 | 0.05 | — | 0.14 | Jul 16, 2019 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response. | |||
| CVE-2019-13359 | 0.04 | — | 0.26 | Jul 16, 2019 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user. | |||
| CVE-2018-18322 | 0.04 | — | 0.15 | Oct 15, 2018 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php service_start, service_restart, service_fullstatus, or service_stop parameter. | |||
| CVE-2020-15609 | 0.03 | — | 0.08 | Jul 28, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the service_stop… | |||
| CVE-2019-13605 | 0.03 | — | 0.15 | Jul 16, 2019 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is… | |||
| CVE-2019-11429 | 0.03 | — | 0.06 | May 13, 2019 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions > "Add DNS Zone" screen. | |||
| CVE-2019-10893 | 0.03 | — | 0.03 | Apr 18, 2019 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (Pro) is vulnerable to Stored/Persistent XSS for Admin Email fields on the "CWP Settings > "Edit Settings" screen. By changing the email ID to any XSS Payload and clicking on Save… | |||
| CVE-2019-10261 | 0.03 | — | 0.02 | Apr 3, 2019 | CentOS Web Panel (CWP) 0.9.8.789 is vulnerable to Stored/Persistent XSS for the "Name Server 1" and "Name Server 2" fields via a "DNS Functions" "Edit Nameservers IPs" action. | |||
| CVE-2019-7646 | 0.03 | — | 0.07 | Mar 26, 2019 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter. | |||
| CVE-2018-18772 | 0.03 | — | 0.03 | Nov 20, 2018 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command. | |||
| CVE-2018-18774 | 0.03 | — | 0.05 | Nov 20, 2018 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter. | |||
| CVE-2018-18773 | 0.03 | — | 0.03 | Nov 20, 2018 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password. | |||
| CVE-2018-18324 | 0.03 | — | 0.03 | Oct 15, 2018 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the admin/index.php module, service_start, service_fullstatus, service_restart, service_stop, or file (within the file_editor) parameter. | |||
| CVE-2019-14724 | 0.01 | — | 0.04 | Sep 11, 2019 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account. | |||
| CVE-2021-45466 | 0.00 | — | 0.55 | Dec 26, 2022 | In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder. | |||
| CVE-2022-25047 | 0.00 | — | 0.02 | Jul 7, 2022 | The password reset token in CWP v0.9.8.1126 is generated using known or predictable values. | |||
| CVE-2020-15627 | 0.00 | — | 0.04 | Jul 28, 2020 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the… | |||
| CVE-2020-15628 | 0.00 | — | 0.04 | Jul 28, 2020 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the… | |||
| CVE-2020-15626 | 0.00 | — | 0.04 | Jul 28, 2020 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the term… | |||
| CVE-2020-15625 | 0.00 | — | 0.04 | Jul 28, 2020 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_add_mailbox.php. When parsing the… | |||
| CVE-2020-15623 | 0.00 | — | 0.08 | Jul 28, 2020 | This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the archivo… | |||
| CVE-2020-15624 | 0.00 | — | 0.04 | Jul 28, 2020 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_new_account.php. When parsing the… | |||
| CVE-2020-15622 | 0.00 | — | 0.04 | Jul 28, 2020 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the… | |||
| CVE-2020-15621 | 0.00 | — | 0.04 | Jul 28, 2020 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the… | |||
| CVE-2020-15620 | 0.00 | — | 0.04 | Jul 28, 2020 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the id… | |||
| CVE-2020-15619 | 0.00 | — | 0.04 | Jul 28, 2020 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the… | |||
| CVE-2020-15617 | 0.00 | — | 0.04 | Jul 28, 2020 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the… | |||
| CVE-2020-15618 | 0.00 | — | 0.04 | Jul 28, 2020 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the… | |||
| CVE-2020-15616 | 0.00 | — | 0.04 | Jul 28, 2020 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the… | |||
| CVE-2020-15615 | 0.00 | — | 0.08 | Jul 28, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_ftp_manager.php. The issue results from the… | |||
| CVE-2020-15614 | 0.00 | — | 0.08 | Jul 28, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the cha parameter,… | |||
| CVE-2020-15613 | 0.00 | — | 0.08 | Jul 28, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. When parsing the line… | |||
| CVE-2020-15612 | 0.00 | — | 0.08 | Jul 28, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_ftp_manager.php. When parsing the userLogin… | |||
| CVE-2020-15611 | 0.00 | — | 0.08 | Jul 28, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the… | |||
| CVE-2020-15610 | 0.00 | — | 0.08 | Jul 28, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the modulo… | |||
| CVE-2020-15608 | 0.00 | — | 0.08 | Jul 28, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the ai_service… | |||
| CVE-2020-15606 | 0.00 | — | 0.08 | Jul 28, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. The issue results from the… | |||
| CVE-2020-15607 | 0.00 | — | 0.08 | Jul 28, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. When parsing the line… | |||
| CVE-2020-15435 | 0.00 | — | 0.08 | Jul 28, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the service_start… | |||
| CVE-2020-15434 | 0.00 | — | 0.08 | Jul 28, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the canal… | |||
| CVE-2020-15433 | 0.00 | — | 0.08 | Jul 28, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the phpversion… | |||
| CVE-2020-15431 | 0.00 | — | 0.08 | Jul 28, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the user parameter,… | |||
| CVE-2020-15432 | 0.00 | — | 0.08 | Jul 28, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_migration_cpanel.php. When parsing the… |
- risk 0.40cvss 6.1epss 0.03
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file.
- risk 0.18cvss —epss 1.00
CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.
- CVE-2018-18323Oct 15, 2018risk 0.09cvss —epss 0.71
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../ URI.
- CVE-2021-31324May 18, 2021risk 0.07cvss —epss 0.34
The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root Remote Code Execution.
- CVE-2021-31316May 18, 2021risk 0.05cvss —epss 0.13
The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter.
- CVE-2020-10230Mar 16, 2020risk 0.05cvss —epss 0.15
CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter.
- CVE-2019-13360Jul 16, 2019risk 0.05cvss —epss 0.24
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username.
- CVE-2019-13383Jul 16, 2019risk 0.05cvss —epss 0.14
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response.
- CVE-2019-13359Jul 16, 2019risk 0.04cvss —epss 0.26
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.
- CVE-2018-18322Oct 15, 2018risk 0.04cvss —epss 0.15
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php service_start, service_restart, service_fullstatus, or service_stop parameter.
- CVE-2020-15609Jul 28, 2020risk 0.03cvss —epss 0.08
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the service_stop…
- CVE-2019-13605Jul 16, 2019risk 0.03cvss —epss 0.15
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is…
- CVE-2019-11429May 13, 2019risk 0.03cvss —epss 0.06
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions > "Add DNS Zone" screen.
- CVE-2019-10893Apr 18, 2019risk 0.03cvss —epss 0.03
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (Pro) is vulnerable to Stored/Persistent XSS for Admin Email fields on the "CWP Settings > "Edit Settings" screen. By changing the email ID to any XSS Payload and clicking on Save…
- CVE-2019-10261Apr 3, 2019risk 0.03cvss —epss 0.02
CentOS Web Panel (CWP) 0.9.8.789 is vulnerable to Stored/Persistent XSS for the "Name Server 1" and "Name Server 2" fields via a "DNS Functions" "Edit Nameservers IPs" action.
- CVE-2019-7646Mar 26, 2019risk 0.03cvss —epss 0.07
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter.
- CVE-2018-18772Nov 20, 2018risk 0.03cvss —epss 0.03
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command.
- CVE-2018-18774Nov 20, 2018risk 0.03cvss —epss 0.05
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter.
- CVE-2018-18773Nov 20, 2018risk 0.03cvss —epss 0.03
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.
- CVE-2018-18324Oct 15, 2018risk 0.03cvss —epss 0.03
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the admin/index.php module, service_start, service_fullstatus, service_restart, service_stop, or file (within the file_editor) parameter.
- CVE-2019-14724Sep 11, 2019risk 0.01cvss —epss 0.04
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account.
- CVE-2021-45466Dec 26, 2022risk 0.00cvss —epss 0.55
In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder.
- CVE-2022-25047Jul 7, 2022risk 0.00cvss —epss 0.02
The password reset token in CWP v0.9.8.1126 is generated using known or predictable values.
- CVE-2020-15627Jul 28, 2020risk 0.00cvss —epss 0.04
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the…
- CVE-2020-15628Jul 28, 2020risk 0.00cvss —epss 0.04
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the…
- CVE-2020-15626Jul 28, 2020risk 0.00cvss —epss 0.04
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the term…
- CVE-2020-15625Jul 28, 2020risk 0.00cvss —epss 0.04
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_add_mailbox.php. When parsing the…
- CVE-2020-15623Jul 28, 2020risk 0.00cvss —epss 0.08
This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the archivo…
- CVE-2020-15624Jul 28, 2020risk 0.00cvss —epss 0.04
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_new_account.php. When parsing the…
- CVE-2020-15622Jul 28, 2020risk 0.00cvss —epss 0.04
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the…
- CVE-2020-15621Jul 28, 2020risk 0.00cvss —epss 0.04
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the…
- CVE-2020-15620Jul 28, 2020risk 0.00cvss —epss 0.04
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the id…
- CVE-2020-15619Jul 28, 2020risk 0.00cvss —epss 0.04
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the…
- CVE-2020-15617Jul 28, 2020risk 0.00cvss —epss 0.04
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the…
- CVE-2020-15618Jul 28, 2020risk 0.00cvss —epss 0.04
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the…
- CVE-2020-15616Jul 28, 2020risk 0.00cvss —epss 0.04
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the…
- CVE-2020-15615Jul 28, 2020risk 0.00cvss —epss 0.08
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_ftp_manager.php. The issue results from the…
- CVE-2020-15614Jul 28, 2020risk 0.00cvss —epss 0.08
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the cha parameter,…
- CVE-2020-15613Jul 28, 2020risk 0.00cvss —epss 0.08
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. When parsing the line…
- CVE-2020-15612Jul 28, 2020risk 0.00cvss —epss 0.08
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_ftp_manager.php. When parsing the userLogin…
- CVE-2020-15611Jul 28, 2020risk 0.00cvss —epss 0.08
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the…
- CVE-2020-15610Jul 28, 2020risk 0.00cvss —epss 0.08
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the modulo…
- CVE-2020-15608Jul 28, 2020risk 0.00cvss —epss 0.08
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the ai_service…
- CVE-2020-15606Jul 28, 2020risk 0.00cvss —epss 0.08
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. The issue results from the…
- CVE-2020-15607Jul 28, 2020risk 0.00cvss —epss 0.08
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. When parsing the line…
- CVE-2020-15435Jul 28, 2020risk 0.00cvss —epss 0.08
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the service_start…
- CVE-2020-15434Jul 28, 2020risk 0.00cvss —epss 0.08
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the canal…
- CVE-2020-15433Jul 28, 2020risk 0.00cvss —epss 0.08
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the phpversion…
- CVE-2020-15431Jul 28, 2020risk 0.00cvss —epss 0.08
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the user parameter,…
- CVE-2020-15432Jul 28, 2020risk 0.00cvss —epss 0.08
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_migration_cpanel.php. When parsing the…
Page 1 of 2