Muhammad Ikhsanudin

**Name of the Vulnerable Software and Affected Versions** Control Web Panel (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. The specific flaw exists within the dns zone editor module, resulting from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Authentication is required to exploit this vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Control Web Panel (CWP) (affected versions not specified) **Description** The issue is related to a lack of proper authentication in the web interface of Control Web Panel, allowing remote attackers to execute arbitrary code on affected installations. This can impact the confidentiality, integrity, and availability of protected information. The specific flaw exists within the implementation of authentication, resulting from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of a valid CWP user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Control Web Panel (affected versions not specified) **Description** The issue is related to the lack of proper validation of a user-supplied string before using it to execute a system call in the cwpsrv process, which listens on the loopback interface. This allows local attackers to escalate privileges on affected installations of Control Web Panel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The exploitation can lead to the execution of arbitrary code in the context of root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Control Web Panel versions (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. The specific flaw exists within the `mysql manager` module, resulting from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Authentication is required to exploit this vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.