Control-Webpanel >> Webpanel: Security Vulnerabilities
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domain from a victim's account via an attacker account.
CVSS Score: 4.3 | EPSS Score: 0.006 | Published: 2019-09-10
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account.
CVSS Score: 4.3 | EPSS Score: 0.006 | Published: 2019-09-10
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account.
CVSS Score: 6.5 | EPSS Score: 0.007 | Published: 2019-09-10
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account.
CVSS Score: 4.3 | EPSS Score: 0.006 | Published: 2019-09-10
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2019-08-21
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function allows an attacker to change the password for the root account.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2019-08-21
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times.
CVSS Score: 5.3 | EPSS Score: 0.046 | Published: 2019-08-21
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log.
CVSS Score: 4.3 | EPSS Score: 0.008 | Published: 2019-07-26
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected XSS in filemanager2.php (parameter fm_current_dir) allows attackers to steal a cookie or session, or redirect to a phishing website.
CVSS Score: 6.1 | EPSS Score: 0.032 | Published: 2019-07-26
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.
CVSS Score: 7.5 | EPSS Score: 0.292 | Published: 2019-07-16

Shodan ® - All rights reserved