PT-2020-13996 · Aapanel · Aapanel

Jenaye · Published 2020-06-18 · Updated 2023-01-27 · CVE-2020-14421

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: aaPanel versions 6.6.6 and earlier
Description: The issue allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen.
Recommendations: For versions 6.6.6 and earlier, consider disabling the Add Cron Job feature or restricting access to the Script Content box until a patch is available.

Exploit

Fix

Weakness Enumeration: Argument Injection

Related Identifiers: CVE-2020-14421

Affected Products: Aapanel