CVE-2020-14950

Name of the Vulnerable Software and Affected Versions aaPanel versions 6.6.6 and earlier

Description The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified "/system?action=ServiceAdmin" request to the setting menu of Software Store. This can be achieved through start, stop, or restart actions.

Recommendations For versions 6.6.6 and earlier, consider disabling access to the "/system?action=ServiceAdmin" endpoint until a patch is available. Restrict the use of shell metacharacters in requests to minimize the risk of exploitation.