Control-webpanel Webpanel
85 CVEs affecting Control-webpanel Webpanel. Latest disclosed: 2025-09-19. Critical: 37, High: 23.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-42121 | Critical | 9.8 | 2024-05-03 | Control Web Panel Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected… |
CVE-2022-44877 | Critical | 9.8 | 2023-01-05 | login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metac… |
CVE-2021-45467 | Critical | 9.8 | 2022-12-26 | In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an ar… |
CVE-2021-45466 | Critical | 9.8 | 2022-12-26 | In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_ke… |
CVE-2022-25046 | Critical | 9.8 | 2022-07-07 | A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request. |
CVE-2021-31324 | Critical | 9.8 | 2021-05-18 | The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root Remote Code Execution. |
CVE-2021-31316 | Critical | 9.8 | 2021-05-18 | The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter. |
CVE-2020-15623 | Critical | 9.8 | 2020-07-28 | This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not requ… |
CVE-2020-15615 | Critical | 9.8 | 2020-07-28 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not req… |
CVE-2020-15614 | Critical | 9.8 | 2020-07-28 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not req… |
CVE-2020-15613 | Critical | 9.8 | 2020-07-28 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not req… |
CVE-2020-15612 | Critical | 9.8 | 2020-07-28 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not req… |
CVE-2020-15611 | Critical | 9.8 | 2020-07-28 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not req… |
CVE-2020-15610 | Critical | 9.8 | 2020-07-28 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not req… |
CVE-2020-15608 | Critical | 9.8 | 2020-07-28 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not req… |
CVE-2020-15607 | Critical | 9.8 | 2020-07-28 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not req… |
CVE-2020-15606 | Critical | 9.8 | 2020-07-28 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not req… |
CVE-2020-15435 | Critical | 9.8 | 2020-07-28 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not req… |
CVE-2020-15434 | Critical | 9.8 | 2020-07-28 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not req… |
CVE-2020-15433 | Critical | 9.8 | 2020-07-28 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not req… |