PT-2018-14405 · Centos · Centos Web Panel

Published: 2018-10-15 · Updated: 2023-01-24 · CVE-2018-18322

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CentOS Web Panel version 0.9.8.480

Description

The issue is command injection via shell metacharacters in the admin/index.php API endpoint, specifically in the service start, service restart, service fullstatus, or service stop parameters. These parameters allow potential command injection attacks.

Recommendations

For version 0.9.8.480, consider disabling the service start, service restart, service fullstatus, and service stop parameters in the admin/index.php endpoint until a patch is available, and avoid using them in the affected API endpoint until the issue is resolved. Restrict access to the admin/index.php endpoint to minimize the risk of exploitation.
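
To check whether the endpoint has already received such requests, the following added example (not part of the original advisory or of CentOS Web Panel) scans web access log lines for the four parameters carrying anything other than a plain service name. It assumes the parameters are spelled with underscores on the wire, that they arrive in the query string, and that the log uses the combined access log format; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: the four parameters are spelled with underscores on the wire.
SERVICE_PARAMS = {"service_start", "service_restart",
                  "service_fullstatus", "service_stop"}
# A service name needs only these characters; anything else is suspect.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.@-]+")
# Client address and request target of a combined-format access log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_requests(log_lines):
    """Return (client_ip, parameter, decoded_value) for each flagged request."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/admin/index.php"):
            continue
        # parse_qsl percent-decodes, so %3B and a literal ';' are treated alike.
        for name, value in parse_qsl(url.query):
            if name in SERVICE_PARAMS and not SAFE_VALUE.fullmatch(value):
                hits.append((client, name, value))
    return hits


# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Oct/2018:10:00:01 +0000] "GET /admin/index.php?service_restart=httpd HTTP/1.1" 200 512',
    '198.51.100.7 - - [15/Oct/2018:10:00:05 +0000] "GET /admin/index.php?service_start=httpd%3Bid HTTP/1.1" 200 498',
    '198.51.100.7 - - [15/Oct/2018:10:00:09 +0000] "GET /admin/index.php?service_stop=named|id HTTP/1.1" 200 498',
    '192.0.2.10 - - [15/Oct/2018:10:00:12 +0000] "GET /admin/index.php?module=dashboard HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for client, name, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} {name}={value!r}")
```

Parameters sent in a POST body do not appear in access logs, so this check covers query-string requests only.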

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2018-18322

Affected Products

Centos Web Panel