CVE-2020-28657

Published March 2nd, 2021

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise.

blackarrowsec/advisories

Advisories and Proofs of Concept by BlackArrow

GitHub