📦 Webpanel

CVE-2025-48703 allows unauthenticated attackers to execute arbitrary commands on CWP (Control Web Panel) servers by injecting shell metacharacters into the t_total parameter. This affects all CWP inst...

CVE-2023-42121 is a critical authentication bypass vulnerability in Control Web Panel that allows remote attackers to execute arbitrary code without authentication. This affects all systems running vu...

CVE-2022-25046 is a critical path traversal vulnerability in CentOS Web Panel (CWP) that allows unauthenticated attackers to execute arbitrary code on affected servers. Attackers can exploit this by s...

This SQL injection vulnerability in CentOS Web Panel's unprivileged user portal allows attackers to execute arbitrary SQL commands via the 'idsession' parameter. Successful exploitation can lead to re...

CVE-2021-31324 is a command injection vulnerability in CentOS Web Panel's unprivileged user portal that allows attackers to execute arbitrary commands with root privileges. This affects all CentOS Web...

This vulnerability allows authenticated remote attackers to execute arbitrary commands with root privileges on Control Web Panel installations. Attackers can exploit improper input validation in the m...

This vulnerability allows authenticated remote attackers to execute arbitrary commands with root privileges on Control Web Panel installations. The flaw exists in the dns_zone_editor module where user...

CVE-2022-25048 is a command injection vulnerability in CentOS Web Panel (CWP) that allows authenticated users to execute arbitrary commands with root privileges. This affects CWP installations where n...