CVE-2020-15606 (centos_web_panel)

Posted by Cyberthreat Blog | Aug 3, 2020 | CVE Validated | 0 |

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9720.

CVE-2020-15606 (centos_web_panel)

About The Author

Cyberthreat Blog

Share This

Share This

CVE-2020-15606 (centos_web_panel)

About The Author

Cyberthreat Blog

Related Posts

CVE-2016-6433 (firepower_management_center)

CVE-2017-3318 (debian_linux, enterprise_linux_desktop, enterprise_linux_eus, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_tus, enterprise_linux_workstation, mariadb, mysql)

CVE-2017-16347 (hub_firmware)

Share This

Share This