Author Topic: 🚨 CWP new security issue - and no communication  (Read 48 times)

cyberspace, djprmf and 1 Guest are viewing this topic.

Online
*
As always... there is a new critical security vulnerability in CWP:
https://www.cve.org/CVERecord?id=CVE-2026-57517
https://ccb.belgium.be/advisories/warning-cve-2026-57517-cvss-98-blind-sql-injection-control-web-panel-lets

No info about it.
Along side, there are multiple updates done in the past few days with critical changes - and bugs - and NO ONE says anything about this.

There is a bug that wipe all the SSH keys on the servers - no dev says anything.
There is a CVE for a critical security issue - was silently patch and no one says nothing.
There is a new script that do whatever it does in any server, looking for a mysterious SSH key... and no info is provided about what is or what happend...

And of course: the forums are always down so no one can report anything. And the "excuse" is that is under a DDoS attack - of course, that is a excuse, since there is NO attack, and is a misconfigured server.

Along that:
Multiple updates with no changelog. Nothing. We only see numbers increase... and nothing being said about what is new, what changed or what was fixed. Silence.
Multiple bugs, introduced by the multiple updates without changelog, that have no fix.


And still, there are the same people here in the forum that defend everything, and say that the issue "is not CWP, is toxic user X or Y", or "everything is fine"...
Clearly, this is not fine. CWP have issues, for months. For months there have been reports and users telling that they just want to know what is happening...

We just want to hear: What is going on??

And still: no dev answers. Just the same users - most of them in a bubble that "everything is fine" - and providing danger info to any user that still is around here looking to know what is going on...
« Last Edit: Today at 04:39:46 PM by djprmf »

Online
***
Re: 🚨 CWP new security issue - and no communication
« Reply #1 on: Today at 05:16:38 PM »
The links provided by you lead to the pages where we can find:

Affected software: Control Web Panel < 0.9.8.1225

The actual version of CWP is 0.9.8.1243

So ... ?

Online
*
Re: 🚨 CWP new security issue - and no communication
« Reply #2 on: Today at 05:25:44 PM »
@cyberspace

You completly miss the point, don't you?

Online
***
Re: 🚨 CWP new security issue - and no communication
« Reply #3 on: Today at 05:29:23 PM »
I know—you want to see a long list of entries in the changelog, right?

But I don't think you'll find anything more detailed than "security fixes" in the changelogs of cPanel or most other commercial control panels. It's common practice.

Online
*
Re: 🚨 CWP new security issue - and no communication
« Reply #4 on: Today at 05:32:24 PM »
@cyberspace

Every single panel that i know provide a list of ALL the fixes made...
And even more, when there is a critical issue, most of the provide a full detail information of what is happening... not silence.

Do you need a example? Just look to the recent cPanel fiasco - the patch was not even lauched and there was a security notice in the blog providing FULL details about the issue... or just something that provide info to the users.
That IS common practice.

And answering your question: yes, i think me and anyone with any tech knowledge WANT to see a full changelog of everything that changed. In fact, here in Europe, is LAW... so...
« Last Edit: Today at 05:34:46 PM by djprmf »

Online
***
Re: 🚨 CWP new security issue - and no communication
« Reply #5 on: Today at 05:53:16 PM »
Your comparison makes me smile. Don't you think it isn't reasonable to compare cPanel ($40+/month) and CWP ($1/month if PRO license)  ?

I active cPanel user (admin) more than 20 years. It has a mail "bug". The bug is actively used by spammers if they have success to hack some outdated joomla,wordpress,prestashop... website. cPanel developers knows about it but they haven't fixed it. up to now. In their logic: this isn't a bug this is "feature" :)

Quote
And answering your question: yes, i think me and anyone with any tech knowledge WANT to see a full changelog of everything that changed. In fact, here in Europe, is LAW... so...

You make me smile again. Look here:
https://control-webpanel.com/about-us
(scroll down and look at "company").
Do you mean "Europe Union"  when you write "In fact, here in Europe" ? If so then I don't think Georgia is a part of EU and it means you have answer on your question about law in Europe )

Online
*
Re: 🚨 CWP new security issue - and no communication
« Reply #6 on: Today at 06:32:55 PM »
@cyberspace

Your answers just confirm what i have stated in the first reply... and a serious lack of knowledge...

Yes, dude. A USA company doesn't need to follow rules/law in other countries where the service is provided. /s
« Last Edit: Today at 06:37:40 PM by djprmf »