threat
engine
.sh
Back
·
··:··
Home
/
Product
/
control webpanel
Product
control webpanel
86 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-48703
< 0.9.8.1205
CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metachara
9.0
CRITICAL
CVE-2023-42123
all versions
Control Web Panel mysql_manager Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers
8.8
HIGH
CVE-2023-42122
all versions
Control Web Panel wloggui Command Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to
7.8
HIGH
CVE-2023-42121
all versions
Control Web Panel Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execut
9.8
CRITICAL
CVE-2023-42120
all versions
Control Web Panel dns_zone_editor Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attacker
8.8
HIGH
CVE-2022-44877
< 0.9.8.1147
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrar
9.8
CRITICAL
CVE-2021-45467
< 0.9.8.1107
In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user
9.8
CRITICAL
CVE-2021-45466
< 0.9.8.1107
In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&
9.8
CRITICAL
CVE-2022-25048
all versions
Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root user.
8.8
HIGH
CVE-2022-25047
all versions
The password reset token in CWP v0.9.8.1126 is generated using known or predictable values.
5.9
MEDIUM
CVE-2022-25046
<= 0.9.8.1124
A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST requ
9.8
CRITICAL
CVE-2021-31324
all versions
The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root Remote Code
9.8
CRITICAL
CVE-2021-31316
all versions
The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter.
9.8
CRITICAL
CVE-2020-15628
all versions
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17
7.5
HIGH
CVE-2020-15627
all versions
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17
7.5
HIGH
CVE-2020-15626
all versions
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17
7.5
HIGH
CVE-2020-15625
all versions
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17
7.5
HIGH
CVE-2020-15624
all versions
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17
7.5
HIGH
CVE-2020-15623
all versions
This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.92
9.8
CRITICAL
CVE-2020-15622
all versions
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17
7.5
HIGH
CVE-2020-15621
all versions
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17
7.5
HIGH
CVE-2020-15620
all versions
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17
7.5
HIGH
CVE-2020-15619
all versions
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17
7.5
HIGH
CVE-2020-15618
all versions
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17
7.5
HIGH
CVE-2020-15617
all versions
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17
7.5
HIGH
CVE-2020-15616
all versions
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17
7.5
HIGH
CVE-2020-15615
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.9
9.8
CRITICAL
CVE-2020-15614
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.9
9.8
CRITICAL
CVE-2020-15613
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.9
9.8
CRITICAL
CVE-2020-15612
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.9
9.8
CRITICAL
CVE-2020-15611
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.9
9.8
CRITICAL
CVE-2020-15610
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.9
9.8
CRITICAL
CVE-2020-15608
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.9
9.8
CRITICAL
CVE-2020-15607
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.9
9.8
CRITICAL
CVE-2020-15606
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.9
9.8
CRITICAL
CVE-2020-15435
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.9
9.8
CRITICAL
CVE-2020-15434
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.9
9.8
CRITICAL
CVE-2020-15433
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.9
9.8
CRITICAL
CVE-2020-15432
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.9
9.8
CRITICAL
CVE-2020-15431
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.9
9.8
CRITICAL
CVE-2020-15430
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.9
9.8
CRITICAL
CVE-2020-15429
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.9
9.8
CRITICAL
CVE-2020-15428
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.9
9.8
CRITICAL
CVE-2020-15427
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.9
9.8
CRITICAL
CVE-2020-15426
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.9
9.8
CRITICAL
CVE-2020-15425
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.9
9.8
CRITICAL
CVE-2020-15424
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.9
9.8
CRITICAL
CVE-2020-15423
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.9
9.8
CRITICAL
CVE-2020-15422
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.9
9.8
CRITICAL
CVE-2020-15421
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.9
9.8
CRITICAL
CVE-2020-15420
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-el7-0.9.8.8
9.8
CRITICAL
CVE-2020-10230
all versions
CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_
9.8
CRITICAL
CVE-2019-15235
>= 0.9.8.856 and <= 0.9.8.864
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's session file name from /home/[USERNA
6.5
MEDIUM
CVE-2019-14782
>= 0.9.8.856 and <= 0.9.8.864
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name
6.5
MEDIUM
CVE-2019-16295
all versions
Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. This
4.6
MEDIUM
CVE-2019-14725
all versions
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail
4.3
MEDIUM
CVE-2019-14724
all versions
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail for
7.5
HIGH
CVE-2019-14730
all versions
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain fr
4.3
MEDIUM
CVE-2019-14729
all versions
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domai
4.3
MEDIUM
CVE-2019-14728
all versions
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forw
4.3
MEDIUM
CVE-2019-14727
all versions
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail
4.3
MEDIUM
CVE-2019-14726
all versions
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete
5.4
MEDIUM
CVE-2019-14723
all versions
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a victim's
4.3
MEDIUM
CVE-2019-14722
all versions
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail f
4.3
MEDIUM
CVE-2019-14721
all versions
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target us
6.5
MEDIUM
CVE-2019-13476
all versions
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve ro
5.4
MEDIUM
CVE-2019-13599
all versions
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is val
5.3
MEDIUM
CVE-2019-13477
all versions
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function allows an attacker to change the
8.8
HIGH
CVE-2019-13387
all versions
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected XSS in filemanager2.php (parameter fm_current_dir) allows a
6.1
MEDIUM
CVE-2019-13385
all versions
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attacke
4.3
MEDIUM
CVE-2019-13359
all versions
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a sessio
7.5
HIGH
CVE-2019-13605
all versions
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login
8.8
HIGH
CVE-2019-13383
all versions
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is val
5.3
MEDIUM
CVE-2019-13360
all versions
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by le
9.8
CRITICAL
CVE-2019-12190
<= 0.9.8.747
XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current
5.4
MEDIUM
CVE-2019-11429
all versions
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulner
4.8
MEDIUM
CVE-2019-7646
<= 0.9.8.763
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" fie
4.8
MEDIUM
CVE-2018-18774
<= 0.9.8.740
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter.
6.1
MEDIUM
CVE-2018-18773
<= 0.9.8.740
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated b
8.8
HIGH
CVE-2018-18772
<= 0.9.8.740
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated
8.8
HIGH
CVE-2018-18324
all versions
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the a
6.1
MEDIUM
CVE-2018-18323
all versions
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?
7.5
HIGH
CVE-2018-18322
all versions
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php ser
9.8
CRITICAL
CVE-2018-5962
<= 0.9.8.12
index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor mo
6.1
MEDIUM
CVE-2018-5961
<= 0.9.8.12
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the
module
value of the
index.php
file.
6.1
MEDIUM
CVE-2016-10043
all versions
An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter in /swms/ms.cgi was discovered to
10.0
CRITICAL
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin