Researchers have disclosed details of two critical security vulnerabilities in
Control Web Panel that could be abused as part of an exploit chain to achieve pre-authenticated remote code execution on affected servers. Tracked as
CVE-2021-45467, the issue concerns a case of a
file inclusion vulnerability, which occurs when a web application is tricked into exposing or running arbitrary files on the web server.
Control Web Panel, previously CentOS Web Panel, is an open-source Linux control panel software used for deploying web hosting environments.