PT-2020-11987 · Centos · Centos Web Panel

Berke Yilmaz · Published 2020-03-16 · Updated 2023-01-24 · CVE-2020-10230

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel versions for CentOS 6 and 7

Description: The issue allows SQL injection via the "/cwp_{SESSION_HASH}/admin/loader_ajax.php" API endpoint, specifically through the "term" parameter. This enables potential attackers to inject malicious SQL code.

Recommendations: For CentOS Web Panel versions for CentOS 6 and 7, consider restricting access to the "/cwp_{SESSION_HASH}/admin/loader_ajax.php" API endpoint until a patch is available. As a temporary workaround, avoid using the "term" parameter in the affected API endpoint to minimize the risk of exploitation.
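A defender-side check for the issue described above: the script below scans web server access logs for requests to the loader_ajax.php endpoint whose "term" parameter carries SQL metacharacters. It is an added example, not code from the advisory or from CentOS Web Panel; the log format, the session-hash pattern, the detection regex and the sample log lines are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: admin paths look like /cwp_{SESSION_HASH}/admin/...; the hash
# part changes per session, so it is matched generically.
LOADER_PATH = re.compile(r"^/cwp_[A-Za-z0-9]+/admin/loader_ajax\.php$")

# Substrings a legitimate search term should never contain; any hit marks
# the request as a SQL injection probe against the "term" parameter.
SUSPICIOUS = re.compile(
    r"('|\"|--|/\*|;|\bunion\b|\bselect\b|\bor\b\s+\d+\s*=\s*\d+)", re.IGNORECASE
)

# Combined log format (assumed): client, timestamp, request line, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

def inspect_line(line):
    """Return (client_ip, decoded term) when the line is a suspicious request
    to loader_ajax.php, otherwise None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not LOADER_PATH.match(parts.path):
        return None  # other endpoints are out of scope for this rule
    for term in parse_qs(parts.query, keep_blank_values=True).get("term", []):
        decoded = unquote(term)  # parse_qs decoded once; catch double encoding
        if SUSPICIOUS.search(decoded):
            return (m.group("ip"), decoded)
    return None

def scan(lines):
    """Apply inspect_line to every log line and collect the hits."""
    return [hit for hit in (inspect_line(l) for l in lines) if hit]

# Constructed sample log lines (not real traffic): one benign lookup, one
# probe of the "term" parameter, one probe against an unrelated endpoint.
SAMPLE_LOG = [
    '203.0.113.5 - - [16/Mar/2020:10:01:12 +0000] "GET /cwp_abc123/admin/loader_ajax.php?ajax=list&term=alice HTTP/1.1" 200 512',
    '203.0.113.9 - - [16/Mar/2020:10:02:40 +0000] "GET /cwp_abc123/admin/loader_ajax.php?ajax=list&term=alice%27%20OR%201%3D1-- HTTP/1.1" 200 9840',
    '203.0.113.9 - - [16/Mar/2020:10:03:01 +0000] "GET /cwp_abc123/admin/index.php?term=%27 HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for ip, term in scan(SAMPLE_LOG):
        print(f"{ip} -> suspicious term: {term!r}")
```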

Weakness Enumeration: SQL injection

Related Identifiers: CVE-2020-10230

Affected Products: Centos Web Panel