Control Web Panel key parameter command injection

Added: 01/21/2026

Background

Control Web Panel is a web hosting panel for Linux.

Problem

A command injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted key parameter.

Resolution

Upgrade to Control Web Panel 0.9.8.1209 or higher.

References

https://seclists.org/fulldisclosure/2025/Dec/25

Limitations

Softaculous and/or SitePad must be installed through the Scripts Manager in order for this exploit to succeed.

Platforms

Linux

Back to exploit index