Filtered by vendor Zpanel Project
Subscriptions
Filtered by product Zpanel
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-10053 | 1 Zpanel Project | 1 Zpanel | 2025-11-20 | N/A |
| A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername field is passed unsanitized to a system() call that invokes the system’s htpasswd binary. By injecting shell metacharacters into the username field, an authenticated attacker can execute arbitrary system commands. Exploitation requires a valid ZPanel account—such as one in the default Users, Resellers, or Administrators groups—but no elevated privileges. | ||||
| CVE-2013-10052 | 2 Zpanel, Zpanel Project | 2 Zpanel, Zpanel | 2025-11-20 | N/A |
| ZPanel includes a helper binary named zsudo, intended to allow restricted privilege escalation for administrative tasks. However, when misconfigured in /etc/sudoers, zsudo can be invoked by low-privileged users to execute arbitrary commands as root. This flaw enables local attackers with shell access to escalate privileges by writing a payload to a writable directory and executing it via zsudo. The vulnerability is particularly impactful in post-exploitation scenarios following web server compromise, where the attacker inherits access to zsudo. | ||||
| CVE-2013-2097 | 1 Zpanel Project | 1 Zpanel | 2024-11-21 | 7.8 High |
| ZPanel through 10.1.0 has Remote Command Execution | ||||
Page 1 of 1.