Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Webpanel
(Control\-Webpanel)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 80 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-03-26 | CVE-2019-7646 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter. | Webpanel | 4.8 | ||
| 2019-05-13 | CVE-2019-11429 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions > "Add DNS Zone" screen. | Webpanel | 4.8 | ||
| 2019-05-21 | CVE-2019-12190 | XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter. | Webpanel | 5.4 | ||
| 2019-07-16 | CVE-2019-13360 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username. | Webpanel | 9.8 | ||
| 2019-07-16 | CVE-2019-13383 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response. | Webpanel | 5.3 | ||
| 2019-07-16 | CVE-2019-13605 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is different from CVE-2019-13360. | Webpanel | 8.8 | ||
| 2019-07-16 | CVE-2019-13359 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user. | Webpanel | 7.5 | ||
| 2019-07-26 | CVE-2019-13385 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log. | Webpanel | 4.3 | ||
| 2019-08-21 | CVE-2019-13477 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function allows an attacker to change the password for the root account. | Webpanel | 8.8 | ||
| 2019-08-21 | CVE-2019-13599 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times. | Webpanel | 5.3 |