jenaye/aapanel

Releases0

Stars2

aapanel 6.6.6 - (Authenticated) Remote Code Execution

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-14950 ↗	Jun 21, 2020Sunday, 21 June 2020, 16:15	8.8 HIGH	6.5 MEDIUM
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Sotfware Store.
CVE-2020-14421 ↗	Jun 18, 2020Thursday, 18 June 2020, 13:15	7.2 HIGH	9 HIGH
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen.