RSS   Vulnerabilities for 'Aapanel'   RSS

2020-06-21
 
CVE-2020-14950

CWE-20
 

 
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Sotfware Store.

 
2020-06-18
 
CVE-2020-14421

CWE-88
 

 
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen.

 


Copyright 2020, cxsecurity.com

 

Back to Top