Filtered by vendor Zpanel Project
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-10053 | 1 Zpanel Project | 1 Zpanel | 2025-08-04 | N/A |
| A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername field is passed unsanitized to a system() call that invokes the system’s htpasswd binary. By injecting shell metacharacters into the username field, an authenticated attacker can execute arbitrary system commands. Exploitation requires a valid ZPanel account—such as one in the default Users, Resellers, or Administrators groups—but no elevated privileges. | ||||
| CVE-2013-2097 | 1 Zpanel Project | 1 Zpanel | 2024-11-21 | 7.8 High |
| ZPanel through 10.1.0 has Remote Command Execution | ||||
Page 1 of 1.