Check this First : zPanel support team calls forum user "fucken little know it all" as he points out vulnerabilities. : netsec I really don't care that ZPanel is a free or even open-source project; that is not a valid excuse. The reality is that the ZPanel development team, in particular Bobby Allen, is acting highly irresponsible. He is putting hundreds, if not thousands of servers at risk, simply because he does not wish to admit that there are security problems and that they need fixing. I have heard every excuse under the sun from the development team. "We do this in our free time!", "It's an open-source project...", "Well, it's free!", "That's not really a vulnerability, people won't think to look there...", and so on. I really don't care. ZPanel developers, fix your shit. You have released ZPanel to the world and are promoting it as a professional panel, so give up your "hobby project" attitude. You can't have both. Either include a big fat disclaimer that ZPanel is known to be insecure, and it's a hobby project... or make it secure. In the meantime, I would advise everyone to stay far far away from anything running ZPanel. The developers do not care about your security.
Their Updates have stopped since 2014. Senators seems to be a fork of zPanel but I'm not sure if they have removed the vulnerabilities.