PT-2021-7954 · Wpanel 4 · Wpanel 4

Admin · Published 2021-06-05 · Updated 2022-04-08 · CVE-2021-34257

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

WPanel 4 versions 4.3.1 and below

Description

The issue is related to the lack of restrictions on file uploads, allowing a remote attacker to execute arbitrary code by uploading a malicious PHP file. This can be done through various image upload features, including the Dashboard's Avatar image, Posts Folder image, Pages Folder image, and Gallery Folder image.

Recommendations

For WPanel 4 versions 4.3.1 and below, consider disabling the image upload features for the Dashboard's Avatar, Posts Folder, Pages Folder, and Gallery Folder until a patch is available. Restrict access to these features to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2023-07225
CVE-2021-34257
GHSA-VHGR-GFX3-FG37

Affected Products

Wpanel 4