Skip to main content

Cloudpanel

6 CVEs product

Monthly

CVE-2024-24320 HIGH POC This Week

Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Cloudpanel
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2023-46157 HIGH This Week

File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cloudpanel
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2023-36630 HIGH POC This Week

In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation File Upload Authentication Bypass Cloudpanel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-35885 CRITICAL POC THREAT Act Now

CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cloudpanel
NVD GitHub
CVSS 3.1
9.8
EPSS
75.3%
CVE-2023-33747 HIGH POC This Week

CloudPanel v2.2.2 allows attackers to execute a path traversal. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cloudpanel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-0391 HIGH POC This Week

MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Cloudpanel
NVD
CVSS 3.1
8.1
EPSS
0.6%
EPSS 4% CVSS 8.8
HIGH POC This Week

Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Cloudpanel
NVD
EPSS 2% CVSS 8.8
HIGH This Week

File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cloudpanel
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation File Upload Authentication Bypass +1
NVD GitHub
EPSS 75% CVSS 9.8
CRITICAL POC THREAT Act Now

CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cloudpanel
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

CloudPanel v2.2.2 allows attackers to execute a path traversal. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cloudpanel
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC This Week

MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Cloudpanel
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy