Aapanel : Security Vulnerabilities

CVE-2022-26252

aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user private SSH key(id_rsa).
Max Base Score
6.5
Published
2022-03-27
Updated
2022-04-04
EPSS
0.28%

CVE-2021-37840

aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one host). Successful exploitation depends on the browser used by a potential victim (e.g., exploitation can occur with Firefox but not Chrome).
Max Base Score
8.8
Published
2021-08-02
Updated
2021-08-10
EPSS
0.29%

CVE-2020-14950

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Sotfware Store.
Max Base Score
8.8
Published
2020-06-21
Updated
2021-07-21
EPSS
0.86%

CVE-2020-14421

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen.
Max Base Score
9.0
Published
2020-06-18
Updated
2023-01-27
EPSS
2.13%
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close