CVE-2020-37002

Name of the Vulnerable Software and Affected Versions Ajenti version 2.1.36

Description An authentication bypass allows remote attackers to execute arbitrary commands after a successful login. This is achieved by leveraging the '/api/terminal/create' endpoint to send a netcat reverse shell payload targeting a specific IP and port.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.