Critical January 18, 2013

Multiple vulnerabilities in ZPanel 10.0.1

Several vulnerabilities were discovered in ZPanel 10.0.1 during our pro bono security audit. The ZPanel team has addressed these issues in version 10.0.2, and upgrading is advised.

CVSS Score

9.8 / 10.0

Severity

Critical

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Advisory

Application: ZPanel
Vulnerable Versions: 10.0.1 and earlier
Fixed In: 10.0.2

Background

ZPanel is a web-based hosting control panel that runs on Apache, PHP, and MySQL. It manages Apache, hMailServer, FileZilla Server, Postfix, Dovecot, ProFTPD, MySQL, PHP, Webalizer, RoundCube, phpMyAdmin, and phpSysInfo.

Description

Websec discovered multiple vulnerabilities in ZPanel 10.0.1 during a pro bono audit, including SQL injection, Cross-Site Scripting, arbitrary code execution, authentication bypass, and CSRF. The combined impact places a ZPanel-managed host fully under attacker control.

All findings were remediated in ZPanel 10.0.2. Operators of 10.0.1 or earlier should upgrade immediately.

Remediation

Upgrade to ZPanel 10.0.2.
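As an added example, not part of the advisory or of ZPanel itself, the following Python helper triages ZPanel version strings from an asset inventory against the fixed release named above (10.0.2). The inventory, hostnames and version strings are constructed for illustration; the only assumption is that versions are reported as plain dotted numerics, optionally with a trailing suffix.

```python
import re

# Fixed release named in the advisory; anything older is affected.
FIXED_VERSION = "10.0.2"


def parse_version(version):
    """Turn a dotted version string such as '10.0.1' into a tuple of ints.

    Comparing tuples avoids the string-comparison trap where
    '10.0.10' sorts before '10.0.2'. A trailing non-numeric suffix
    (e.g. a constructed '10.0.1-rc1') is dropped and the numeric part
    alone decides. Missing components are padded with 0 so that '10'
    compares equal to '10.0.0'.
    """
    match = re.match(r"^\s*(\d+(?:\.\d+)*)", version)
    if not match:
        raise ValueError(f"unparseable version string: {version!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_vulnerable(version, fixed=FIXED_VERSION):
    """True when the installed version is older than the fixed release."""
    return parse_version(version) < parse_version(fixed)


def triage(inventory, fixed=FIXED_VERSION):
    """Classify each host in a {hostname: version} mapping.

    Returns a dict of hostname -> 'vulnerable', 'fixed' or 'unknown'.
    'unknown' is reported when the version cannot be parsed, so bad
    inventory data is flagged rather than silently treated as safe.
    """
    report = {}
    for host, version in inventory.items():
        try:
            status = "vulnerable" if is_vulnerable(version, fixed) else "fixed"
        except ValueError:
            status = "unknown"
        report[host] = status
    return report


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample_inventory = {
        "panel-a.example.internal": "10.0.1",
        "panel-b.example.internal": "10.0.2",
        "panel-c.example.internal": "9.8.0",
        "panel-d.example.internal": "10.0.10",
        "panel-e.example.internal": "n/a",
    }
    for host, status in sorted(triage(sample_inventory).items()):
        print(f"{host:28s} {status}")
```

Hosts reported as "unknown" deserve a manual check rather than being dropped from the upgrade list; a parser that cannot read a version should never default to "fixed".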
