CVE-2024-42922
- EPSS 5.17%
- Veröffentlicht 21.05.2025 00:00:00
- Zuletzt bearbeitet 21.05.2025 20:24:58
AAPanel v7.0.7 was discovered to contain an OS command injection vulnerability.
CVE-2022-26252
- EPSS 2.58%
- Veröffentlicht 27.03.2022 16:15:07
- Zuletzt bearbeitet 21.11.2024 06:53:38
aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user private SSH key(id_rsa).
CVE-2021-37840
- EPSS 0.4%
- Veröffentlicht 02.08.2021 14:15:07
- Zuletzt bearbeitet 21.11.2024 06:15:57
aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one host). Successful exploitation depends on the b...
CVE-2020-14950
- EPSS 2.68%
- Veröffentlicht 21.06.2020 16:15:11
- Zuletzt bearbeitet 21.11.2024 05:04:30
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Sotfware Store.
- EPSS 5.57%
- Veröffentlicht 18.06.2020 13:15:10
- Zuletzt bearbeitet 21.11.2024 05:03:13
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen.