Note: This project will be discontinued after December 13, 2021.
Product: Webpanel (Control-Webpanel)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 80 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-07-16 | CVE-2019-13605 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is different from CVE-2019-13360. | Webpanel | 8.8 | ||
2019-07-16 | CVE-2019-13359 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user. | Webpanel | 7.5 | ||
2019-07-26 | CVE-2019-13385 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log. | Webpanel | 4.3 | ||
2019-08-21 | CVE-2019-13477 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function allows an attacker to change the password for the root account. | Webpanel | 8.8 | ||
2019-08-21 | CVE-2019-13599 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times. | Webpanel | 5.3 | ||
2019-08-21 | CVE-2019-13476 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page. | Webpanel | 5.4 | ||
2019-09-10 | CVE-2019-14721 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account. | Webpanel | 6.5 | ||
2019-09-10 | CVE-2019-14722 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account. | Webpanel | 4.3 | ||
2019-09-10 | CVE-2019-14723 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a victim's e-mail account via an attacker account. | Webpanel | 4.3 | ||
2019-09-10 | CVE-2019-14726 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim's account via an attacker account. | Webpanel | 5.4 |