PT-2023-15565 · Monnai · Aapanel
Published
2023-02-02
·
Updated
2023-02-09
·
CVE-2022-48079
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Monnai aaPanel host system version 1.5
Description
The issue allows attackers to escalate privileges and execute arbitrary code via uploading a crafted PHP file to the virtual host directory of the system. This is due to an access control issue in the system.
Recommendations
For Monnai aaPanel host system version 1.5, consider restricting access to the virtual host directory to prevent uploading of crafted PHP files until a patch is available. As a temporary workaround, monitor the system for suspicious activity and consider disabling the ability to upload files to the virtual host directory. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aapanel