Control-Webpanel >> Webpanel Security Vulnerabilities
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username.
CVSS Score: 9.8, EPSS Score: 0.273, Published: 2019-07-16
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response.
CVSS Score: 5.3, EPSS Score: 0.207, Published: 2019-07-16
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is different from CVE-2019-13360.
CVSS Score: 8.8, EPSS Score: 0.049, Published: 2019-07-16
XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter.
CVSS Score: 5.4, EPSS Score: 0.002, Published: 2019-05-21
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions" > "Add DNS Zone" screen.
CVSS Score: 4.8, EPSS Score: 0.004, Published: 2019-05-13
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter.
CVSS Score: 4.8, EPSS Score: 0.004, Published: 2019-03-26
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command.
CVSS Score: 8.8, EPSS Score: 0.005, Published: 2018-11-20
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.
CVSS Score: 8.8, EPSS Score: 0.004, Published: 2018-11-20
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter.
CVSS Score: 6.1, EPSS Score: 0.039, Published: 2018-11-20
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the admin/index.php module, service_start, service_fullstatus, service_restart, service_stop, or file (within the file_editor) parameter.
CVSS Score: 6.1, EPSS Score: 0.04, Published: 2018-10-15

