Critical Bugs in Control Web Panel Expose Linux Servers to RCE Attacks

CentOS Web Panel

Researchers have disclosed details of two critical security vulnerabilities in Control Web Panel that could be abused as part of an exploit chain to achieve pre-authenticated remote code execution on affected servers.

Tracked as CVE-2021-45467, the issue concerns a case of a file inclusion vulnerability, which occurs when a web application is tricked into exposing or running arbitrary files on the web server.

Control Web Panel, previously CentOS Web Panel, is an open-source Linux control panel software used for deploying web hosting environments.

Automatic GitHub Backups

Specifically, the issue arises when two of the unauthenticated PHP pages used in the application — “/user/login.php” and “/user/index.php” — fail to adequately validate a path to a script file, according to Octagon Networks’ Paulos…


Source link

About hosting

Check Also

Marcia Clark, "Informants: Lawyer X" Leads Wondery Exhibit C Lineup – Bleeding Cool

Posted in: Audio Dramas, TV | Tagged: marcia clark, wondery Wondery announced new shows for …

Leave a Reply

Your email address will not be published. Required fields are marked *