Aapanel : Security Vulnerabilities, CVEs, CVSS score >= 8

CVE-2021-37840

aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one host). Successful exploitation depends on the browser used by a potential victim (e.g., exploitation can occur with Firefox but not Chrome).
Max CVSS
8.8
EPSS Score
0.29%
Published
2021-08-02
Updated
2021-08-10

CVE-2020-14950

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Sotfware Store.
Max CVSS
8.8
EPSS Score
0.86%
Published
2020-06-21
Updated
2021-07-21

CVE-2020-14421

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen.
Max CVSS
9.0
EPSS Score
2.53%
Published
2020-06-18
Updated
2023-01-27
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close