IDCVSSSummaryLast (major) updatePublished
CVE-2020-10230 7.5
CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter.
19-03-2020 - 20:40 16-03-2020 - 16:15
CVE-2019-12190 3.5
XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter.
21-05-2019 - 18:59 21-05-2019 - 18:29
CVE-2018-18773 6.8
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.
29-11-2018 - 18:45 20-11-2018 - 19:29
CVE-2018-18774 4.3
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter.
29-11-2018 - 14:21 20-11-2018 - 19:29
CVE-2018-5961 4.3
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file.
09-02-2018 - 18:14 22-01-2018 - 01:29
CVE-2018-18772 6.8
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command.
29-11-2018 - 18:44 20-11-2018 - 19:29
CVE-2019-7646 3.5
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter.
27-03-2019 - 12:47 26-03-2019 - 16:29
CVE-2018-5962 4.3
index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module.
09-02-2018 - 20:15 22-01-2018 - 01:29
Back to Top Mark selected
Back to Top