Control Web Panel Unauthenticated Remote Command Execution
Posted by deepcore on February 1, 2023 – 2:43 am
Control Web Panel versions prior to 0.9.8.1147 are vulnerable to unauthenticated OS command injection. Successful exploitation results in code execution as the root user. The results of the command are not contained within the HTTP response and the request will block while the command is running.
Post a reply
You must be logged in to post a comment.