## https://sploitus.com/exploit?id=SAINT:23B6A98FB5DD2D90F1BC64A38A9F6199
Added: 01/21/2026
### Background
Control Web Panel is a web hosting panel for Linux.
### Problem
A command injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted key parameter.
### Resolution
Upgrade to Control Web Panel 0.9.8.1209 or higher.
### References
https://seclists.org/fulldisclosure/2025/Dec/25
### Limitations
Softaculous and/or SitePad must be installed through the Scripts Manager in order for this exploit to succeed.
### Platforms
Linux