Shodan
Vulnerabilities
Vulnerable Software
Control-Webpanel:  >> Webpanel  >> 0.9.8.851  Security Vulnerabilities
CVE-2022-44877
Known exploited
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
CVSS Score
9.8
EPSS Score
0.944
Published
2023-01-05
CVE-2021-45466
In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder.
CVSS Score
9.8
EPSS Score
0.157
Published
2022-12-26
CVE-2021-45467
In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/account_new_create&acc=guadaapi URI. Any number of %00 instances can be used, e.g., .%00%00%00./.%00%00%00./api/account_new_create could also be used for the scripts parameter.
CVSS Score
9.8
EPSS Score
0.172
Published
2022-12-26
CVE-2022-25046
A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request.
CVSS Score
9.8
EPSS Score
0.011
Published
2022-07-07
CVE-2019-14724
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account.
CVSS Score
7.5
EPSS Score
0.097
Published
2019-09-11
CVE-2019-14725
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account.
CVSS Score
4.3
EPSS Score
0.002
Published
2019-09-11
CVE-2019-14723
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a victim's e-mail account via an attacker account.
CVSS Score
4.3
EPSS Score
0.006
Published
2019-09-10
CVE-2019-14726
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim's account via an attacker account.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-09-10
CVE-2019-14727
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail password of a victim account via an attacker account.
CVSS Score
4.3
EPSS Score
0.006
Published
2019-09-10
CVE-2019-14728
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim's account via an attacker account.
CVSS Score
4.3
EPSS Score
0.006
Published
2019-09-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved