CentOS Web Panel

All CVEs

82 total · sorted by risk
  • CVE-2018-5961 · Med · Jan 22, 2018
    risk 0.40 · cvss 6.1 · epss 0.03

    CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file.

  • CVE-2025-48703 · KEV · Sep 19, 2025
    risk 0.18 · cvss · epss 1.00

    CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.

  • CVE-2018-18323 · Oct 15, 2018
    risk 0.09 · cvss · epss 0.71

    CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../ URI.

  • CVE-2021-31324 · May 18, 2021
    risk 0.07 · cvss · epss 0.34

    The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root Remote Code Execution.

  • CVE-2021-31316 · May 18, 2021
    risk 0.05 · cvss · epss 0.13

    The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter.

  • CVE-2020-10230 · Mar 16, 2020
    risk 0.05 · cvss · epss 0.15

    CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter.

  • CVE-2019-13360 · Jul 16, 2019
    risk 0.05 · cvss · epss 0.24

    In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username.

  • CVE-2019-13383 · Jul 16, 2019
    risk 0.05 · cvss · epss 0.14

    In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response.

  • CVE-2019-13359 · Jul 16, 2019
    risk 0.04 · cvss · epss 0.26

    In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.

  • CVE-2018-18322 · Oct 15, 2018
    risk 0.04 · cvss · epss 0.15

    CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php service_start, service_restart, service_fullstatus, or service_stop parameter.

  • CVE-2020-15609 · Jul 28, 2020
    risk 0.03 · cvss · epss 0.08

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the service_stop…

  • CVE-2019-13605 · Jul 16, 2019
    risk 0.03 · cvss · epss 0.15

    In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is…

  • CVE-2019-11429 · May 13, 2019
    risk 0.03 · cvss · epss 0.06

    CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions > "Add DNS Zone" screen.

  • CVE-2019-10893 · Apr 18, 2019
    risk 0.03 · cvss · epss 0.03

    CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (Pro) is vulnerable to Stored/Persistent XSS for Admin Email fields on the "CWP Settings > "Edit Settings" screen. By changing the email ID to any XSS Payload and clicking on Save…

  • CVE-2019-10261 · Apr 3, 2019
    risk 0.03 · cvss · epss 0.02

    CentOS Web Panel (CWP) 0.9.8.789 is vulnerable to Stored/Persistent XSS for the "Name Server 1" and "Name Server 2" fields via a "DNS Functions" "Edit Nameservers IPs" action.

  • CVE-2019-7646 · Mar 26, 2019
    risk 0.03 · cvss · epss 0.07

    CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter.

  • CVE-2018-18772 · Nov 20, 2018
    risk 0.03 · cvss · epss 0.03

    CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command.

  • CVE-2018-18774 · Nov 20, 2018
    risk 0.03 · cvss · epss 0.05

    CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter.

  • CVE-2018-18773 · Nov 20, 2018
    risk 0.03 · cvss · epss 0.03

    CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.

  • CVE-2018-18324 · Oct 15, 2018
    risk 0.03 · cvss · epss 0.03

    CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the admin/index.php module, service_start, service_fullstatus, service_restart, service_stop, or file (within the file_editor) parameter.

  • CVE-2019-14724 · Sep 11, 2019
    risk 0.01 · cvss · epss 0.04

    In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account.

  • CVE-2021-45466 · Dec 26, 2022
    risk 0.00 · cvss · epss 0.55

    In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder.

  • CVE-2022-25047 · Jul 7, 2022
    risk 0.00 · cvss · epss 0.02

    The password reset token in CWP v0.9.8.1126 is generated using known or predictable values.

  • CVE-2020-15627 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.04

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the…

  • CVE-2020-15628 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.04

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the…

  • CVE-2020-15626 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.04

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the term…

  • CVE-2020-15625 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.04

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_add_mailbox.php. When parsing the…

  • CVE-2020-15623 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.08

    This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the archivo…

  • CVE-2020-15624 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.04

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_new_account.php. When parsing the…

  • CVE-2020-15622 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.04

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the…

  • CVE-2020-15621 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.04

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the…

  • CVE-2020-15620 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.04

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the id…

  • CVE-2020-15619 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.04

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the…

  • CVE-2020-15617 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.04

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the…

  • CVE-2020-15618 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.04

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the…

  • CVE-2020-15616 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.04

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the…

  • CVE-2020-15615 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.08

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_ftp_manager.php. The issue results from the…

  • CVE-2020-15614 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.08

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the cha parameter,…

  • CVE-2020-15613 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.08

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. When parsing the line…

  • CVE-2020-15612 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.08

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_ftp_manager.php. When parsing the userLogin…

  • CVE-2020-15611 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.08

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the…

  • CVE-2020-15610 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.08

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the modulo…

  • CVE-2020-15608 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.08

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the ai_service…

  • CVE-2020-15606 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.08

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. The issue results from the…

  • CVE-2020-15607 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.08

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. When parsing the line…

  • CVE-2020-15435 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.08

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the service_start…

  • CVE-2020-15434 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.08

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the canal…

  • CVE-2020-15433 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.08

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the phpversion…

  • CVE-2020-15431 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.08

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the user parameter,…

  • CVE-2020-15432 · Jul 28, 2020
    risk 0.00 · cvss · epss 0.08

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_migration_cpanel.php. When parsing the…
