Mgt-commerce Cloudpanel
6 CVEs affecting Mgt-commerce Cloudpanel. Latest disclosed: 2024-06-14. Critical: 1, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-35885 | Critical | 9.8 | 2023-06-20 | CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. |
CVE-2024-24320 | High | 8.8 | 2024-06-14 | Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrar… |
CVE-2023-46157 | High | 8.8 | 2023-12-08 | File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing fil… |
CVE-2023-36630 | High | 8.8 | 2023-06-25 | In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass. |
CVE-2023-0391 | High | 8.1 | 2023-03-21 | MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of Clou… |
CVE-2023-33747 | High | 7.8 | 2023-06-06 | CloudPanel v2.2.2 allows attackers to execute a path traversal. |