Recent Posts

Pages: 1 2 3 [4] 5 6 ... 10
31
CentOS-WebPanel Bugs / Re: 🚨 CWP new security issue - and no communication
« Last post by cyberspace on July 06, 2026, 05:29:23 PM »
I know—you want to see a long list of entries in the changelog, right?

But I don't think you'll find anything more detailed than "security fixes" in the changelogs of cPanel or most other commercial control panels. It's common practice.
32
Other / Re: Yanz Webshell! - PRIV8 WEB SHELL ORB YANZ BYPASS! V3.0
« Last post by cyberspace on July 06, 2026, 05:25:53 PM »
Well, sorry to say that you are the first known victim: https://forum.centos-webpanel.com/centos-webpanel-bugs/cwp-new-security-issue-and-no-communication

Don't mislead users. The links you provided point to pages describing vulnerabilities that affect Control Web Panel versions earlier than 0.9.8.1225.

The current CWP version is 0.9.8.1243.

So what's your point?

If you choose not to keep your system up to date, that's your responsibility. Also, just because a server was compromised doesn't mean it was hacked through a vulnerability in the control panel. The actual cause could just as easily be Joomla, WordPress, or some other software installed by the user. Don't you think that's a more reasonable assumption?

You're making a lot of noise.
33
CentOS-WebPanel Bugs / Re: 🚨 CWP new security issue - and no communication
« Last post by djprmf on July 06, 2026, 05:25:44 PM »
@cyberspace

You completly miss the point, don't you?
34
CentOS-WebPanel Bugs / Re: 🚨 CWP new security issue - and no communication
« Last post by cyberspace on July 06, 2026, 05:16:38 PM »
The links provided by you lead to the pages where we can find:

Affected software: Control Web Panel < 0.9.8.1225

The actual version of CWP is 0.9.8.1243

So ... ?
35
Other / Re: Yanz Webshell! - PRIV8 WEB SHELL ORB YANZ BYPASS! V3.0
« Last post by djprmf on July 06, 2026, 04:33:43 PM »
36
CentOS-WebPanel Bugs / 🚨 CWP new security issue - and no communication
« Last post by djprmf on July 06, 2026, 04:29:11 PM »
As always... there is a new critical security vulnerability in CWP:
https://www.cve.org/CVERecord?id=CVE-2026-57517
https://ccb.belgium.be/advisories/warning-cve-2026-57517-cvss-98-blind-sql-injection-control-web-panel-lets

No info about it.
Along side, there are multiple updates done in the past few days with critical changes - and bugs - and NO ONE says anything about this.

There is a bug that wipe all the SSH keys on the servers - no dev says anything.
There is a CVE for a critical security issue - was silently patch and no one says nothing.
There is a new script that do whatever it does in any server, looking for a mysterious SSH key... and no info is provided about what is or what happend...

And of course: the forums are always down so no one can report anything. And the "excuse" is that is under a DDoS attack - of course, that is a excuse, since there is NO attack, and is a misconfigured server.

Along that:
Multiple updates with no changelog. Nothing. We only see numbers increase... and nothing being said about what is new, what changed or what was fixed. Silence.
Multiple bugs, introduced by the multiple updates without changelog, that have no fix.


And still, there are the same people here in the forum that defend everything, and say that the issue "is not CWP, is toxic user X or Y", or "everything is fine"...
Clearly, this is not fine. CWP have issues, for months. For months there have been reports and users telling that they just want to know what is happening...

We just want to hear: What is going on??

And still: no dev answers. Just the same users - most of them in a bubble that "everything is fine" - and providing danger info to any user that still is around here looking to know what is going on...
37
Other / Yanz Webshell! - PRIV8 WEB SHELL ORB YANZ BYPASS! V3.0
« Last post by cgauthey on July 06, 2026, 02:58:58 PM »
Hello, I think my server has been compromised by a backdoor.
Yanz Webshell! - PRIV8 WEB SHELL ORB YANZ BYPASS! V3.0

The file READ-THIS-TO-RECOVER-YOUR-FILE.TXT
along with many other files—how do I fix these backdoors?
38
Updates / Re: Dev Team went rogue ?
« Last post by Martins-phpbb on July 06, 2026, 02:34:54 PM »
Does the rogue cwp team member drive an aston martin too ?
39
Updates / Re: Dev Team went rogue ?
« Last post by cgauthey on July 06, 2026, 06:32:16 AM »
I urgently passed the information on to José and shared this post with him; I think he will respond to this matter quickly—he has always stepped up, and he always will.
40
Other / Re: The CWPpro version 0.9.8.1239 update destroyed sshd and .ssh.
« Last post by emerysteele on July 06, 2026, 05:56:49 AM »
Pls fix
Pages: 1 2 3 [4] 5 6 ... 10