CentOS Web Panel (CentOS): CVE-2020-10230
**Name of the Vulnerable Software and Affected Versions**
CentOS Web Panel versions for CentOS 6 and 7
**Description**
The issue allows SQL injection via the `/cwp_{SESSION_HASH}/admin/loader_ajax.php` API endpoint, specifically through the `term` parameter. This lets an attacker who can reach the endpoint inject SQL code through that parameter.
**Recommendations**
For CentOS Web Panel versions for CentOS 6 and 7, restrict access to the `/cwp_{SESSION_HASH}/admin/loader_ajax.php` API endpoint until a patch is available. As a temporary workaround, avoid using the `term` parameter of the affected endpoint to reduce the risk of exploitation.
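As an added example that is not part of this advisory or of CWP's own code, a small Python scanner that applies the description above to web-server access logs: it picks out requests to the `loader_ajax.php` endpoint and flags `term` values that carry SQL metacharacters, which supports the access-restriction recommendation with a way to spot attempts. The log format (Apache/nginx combined) and the alphanumeric session-hash pattern are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Added example (not CWP code). Assumptions: combined-format access log and an
# alphanumeric session hash in the path; neither is taken from the advisory.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
ENDPOINT_RE = re.compile(r'^/cwp_[A-Za-z0-9]+/admin/loader_ajax\.php$')
# Cheap heuristic for SQL injection probes: quotes, comment openers, statement
# separators or common injection keywords inside the decoded `term` value.
SQLI_RE = re.compile(r"""['"`;]|--|/\*|\b(?:union|select|sleep|benchmark)\b""", re.I)


def scan_access_log(text):
    """Return one finding per request that hit loader_ajax.php."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        url = urlsplit(m['target'])
        if not ENDPOINT_RE.match(url.path):
            continue  # some other CWP page
        # parse_qs percent-decodes the value, so the regex sees the raw SQL text
        term = parse_qs(url.query).get('term', [None])[0]
        findings.append({
            'ip': m['ip'], 'time': m['time'], 'method': m['method'],
            'term': term,
            # A POST body is not in the access log, so only query-string terms are judged.
            'suspicious': bool(term) and bool(SQLI_RE.search(term)),
        })
    return findings


# Constructed sample log lines (documentation IP ranges, fake session hash).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2020:12:00:01 +0000] "GET /cwp_1a2b3c4d/admin/loader_ajax.php?term=example HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Mar/2020:12:00:05 +0000] "GET /cwp_1a2b3c4d/admin/loader_ajax.php?term=x%27%20OR%201%3D1--%20 HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2020:12:00:09 +0000] "GET /cwp_1a2b3c4d/admin/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

if __name__ == '__main__':
    for f in scan_access_log(SAMPLE_LOG):
        print(('ALERT ' if f['suspicious'] else 'ok    ') + f"{f['ip']} term={f['term']!r}")
```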