Caspertea

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version cwp-e17.0.9.8.923 **Description** This issue allows remote attackers to disclose sensitive information on affected installations without requiring authentication. The flaw exists within the `ajax mail autoreply.php` file, specifically when parsing the `user` parameter. The process fails to properly validate a user-supplied string before using it to construct SQL queries, allowing an attacker to disclose information in the context of root. **Recommendations** For CentOS Web Panel version cwp-e17.0.9.8.923, consider restricting access to the `ajax mail autoreply.php` file until a patch is available. As a temporary workaround, avoid using the `user` parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version cwp-e17.0.9.8.923 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the `ajax mod security.php` file, specifically when parsing the `check ip` parameter. The process does not properly validate a user-supplied string before using it to execute a system call, allowing an attacker to execute code in the context of root. **Recommendations** For CentOS Web Panel version cwp-e17.0.9.8.923, consider disabling the `ajax mod security.php` file or restricting access to it until a patch is available. Additionally, avoid using the `check ip` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version cwp-e17.0.9.8.923 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the `ajax mod security.php` file, specifically when parsing the `dominio` parameter. The process does not properly validate a user-supplied string before using it to execute a system call, allowing an attacker to execute code in the context of root. **Recommendations** For CentOS Web Panel version cwp-e17.0.9.8.923, consider disabling the `ajax mod security.php` file or restricting access to it until a patch is available. Avoid using the `dominio` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version cwp-e17.0.9.8.923 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the `ajax mod security.php` file, specifically when parsing the `domain` parameter. The process does not properly validate a user-supplied string before using it to execute a system call, allowing an attacker to execute code in the context of root. **Recommendations** For CentOS Web Panel version cwp-e17.0.9.8.923, as a temporary workaround, consider disabling the `ajax mod security.php` file until a patch is available. Restrict access to this file to minimize the risk of exploitation. Avoid using the `domain` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version cwp-e17.0.9.8.923 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the `ajax mod security.php` file and results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this issue to execute code in the context of root. **Recommendations** For CentOS Web Panel version cwp-e17.0.9.8.923, consider disabling the `ajax mod security.php` file as a temporary workaround until a patch is available. Restrict access to this file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version cwp-e17.0.9.8.923 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the `ajax migration cpanel.php` file, specifically when parsing the `serverip` parameter. The process does not properly validate a user-supplied string before using it to execute a system call, allowing an attacker to execute code in the context of root. **Recommendations** For CentOS Web Panel version cwp-e17.0.9.8.923, as a temporary workaround, consider disabling the `ajax migration cpanel.php` file until a patch is available. Restrict access to the `serverip` parameter in the affected API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version cwp-e17.0.9.8.923 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the `ajax disk usage.php` file. When parsing the `folderName` parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this issue to execute code in the context of root. **Recommendations** For version cwp-e17.0.9.8.923, as a temporary workaround, consider disabling the `ajax disk usage.php` file until a patch is available. Restrict access to the `folderName` parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version cwp-e17.0.9.8.923 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the `ajax crons.php` file, specifically when parsing the `line` parameter. The process does not properly validate a user-supplied string before using it to execute a system call, allowing an attacker to execute code in the context of root. **Recommendations** For CentOS Web Panel version cwp-e17.0.9.8.923, as a temporary workaround, consider disabling the `ajax crons.php` file until a patch is available. Restrict access to the `ajax crons.php` file to minimize the risk of exploitation. Avoid using the `line` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version cwp-e17.0.9.8.923 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the `ajax crons.php` file. When parsing the `user` parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this issue to execute code in the context of root. **Recommendations** For CentOS Web Panel version cwp-e17.0.9.8.923, as a temporary workaround, consider disabling the `ajax crons.php` file until a patch is available. Restrict access to the `ajax crons.php` file to minimize the risk of exploitation. Avoid using the `user` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version cwp-e17.0.9.8.923 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the `ajax list accounts.php` file, specifically when parsing the `username` parameter. The process does not properly validate a user-supplied string before using it to execute a system call, allowing an attacker to execute code in the context of root. **Recommendations** For CentOS Web Panel version cwp-e17.0.9.8.923, consider disabling the `ajax list accounts.php` file or restricting access to it until a patch is available. Avoid using the `username` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version cwp-e17.0.9.8.923 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the `ajax crons.php` file, specifically when parsing the `user` parameter. The process does not properly validate a user-supplied string before using it to execute a system call, allowing an attacker to execute code in the context of root. **Recommendations** For CentOS Web Panel version cwp-e17.0.9.8.923, as a temporary workaround, consider disabling the `ajax crons.php` file until a patch is available. Restrict access to the `ajax crons.php` file to minimize the risk of exploitation. Avoid using the `user` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version cwp-e17.0.9.8.923 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the `ajax migration cpanel.php` file, specifically when parsing the `filespace` parameter. The process does not properly validate a user-supplied string before using it to execute a system call, allowing an attacker to execute code in the context of root. **Recommendations** For CentOS Web Panel version cwp-e17.0.9.8.923, as a temporary workaround, consider disabling the `ajax migration cpanel.php` file until a patch is available. Restrict access to this file to minimize the risk of exploitation. Avoid using the `filespace` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version cwp-e17.0.9.8.923 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the `ajax php pecl.php` file, specifically when parsing the `phpversion` parameter. The process does not properly validate a user-supplied string before using it to execute a system call, allowing an attacker to execute code in the context of root. **Recommendations** For CentOS Web Panel version cwp-e17.0.9.8.923, as a temporary workaround, consider disabling the `ajax php pecl.php` file or restricting access to it until a patch is available. Avoid using the `phpversion` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version cwp-e17.0.9.8.923 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the `ajax php pecl.php` file, where the `canal` parameter does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this issue to execute code in the context of root. **Recommendations** For CentOS Web Panel version cwp-e17.0.9.8.923, as a temporary workaround, consider disabling the `ajax php pecl.php` file or restricting access to it until a patch is available. Avoid using the `canal` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version cwp-e17.0.9.8.923 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the `ajax dashboard.php` file. When parsing the `service start` parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this issue to execute code in the context of root. **Recommendations** For version cwp-e17.0.9.8.923, as a temporary workaround, consider disabling the `ajax dashboard.php` file or restricting access to the `service start` parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version cwp-e17.0.9.8.923 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the `ajax admin apis.php` file and results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this issue to execute code in the context of root. **Recommendations** For CentOS Web Panel version cwp-e17.0.9.8.923, consider disabling access to the `ajax admin apis.php` file until a patch is available to prevent potential code execution. Restrict access to system calls to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version cwp-e17.0.9.8.923 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the `ajax admin apis.php` file, specifically when parsing the `line` parameter. The process does not properly validate a user-supplied string before using it to execute a system call, allowing an attacker to execute code in the context of root. **Recommendations** For CentOS Web Panel version cwp-e17.0.9.8.923, as a temporary workaround, consider disabling the `ajax admin apis.php` file or restricting access to it until a patch is available. Avoid using the `line` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version cwp-e17.0.9.8.923 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the `ajax dashboard.php` file, specifically when parsing the `ai service` parameter. The process does not properly validate a user-supplied string before using it to execute a system call, allowing an attacker to execute code in the context of root. **Recommendations** For CentOS Web Panel version cwp-e17.0.9.8.923, consider disabling the `ajax dashboard.php` file or restricting access to it until a patch is available. Avoid using the `ai service` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version cwp-e17.0.9.8.923 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the `ajax dashboard.php` file, specifically when parsing the `service stop` parameter. The process does not properly validate a user-supplied string before using it to execute a system call, allowing an attacker to execute code in the context of root. **Recommendations** For CentOS Web Panel version cwp-e17.0.9.8.923, as a temporary workaround, consider disabling the `ajax dashboard.php` file or restricting access to the `service stop` parameter until a patch is available. Avoid using the `service stop` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CentOS Web Panel version cwp-e17.0.9.8.923 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the `ajax php pecl.php` file, specifically when parsing the `modulo` parameter. The process does not properly validate a user-supplied string before using it to execute a system call, allowing an attacker to execute code in the context of root. **Recommendations** For CentOS Web Panel version cwp-e17.0.9.8.923, consider disabling the `ajax php pecl.php` file or restricting access to it until a patch is available. Avoid using the `modulo` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.