Remote Command Execution Vulnerability in aaPanel Software
CVE-2020-14950

8.8HIGH

Key Information:

Vendor: Aapanel
Status: Aapanel
Vendor: CVE Published:; 21 June 2020

What is CVE-2020-14950?

A security vulnerability in aaPanel, prior to version 6.6.6, enables remote authenticated users to execute arbitrary commands on the server by manipulating shell metacharacters in a specific request to the Software Store settings. This flaw could potentially be exploited to disrupt services by controlling service operations such as start, stop, or restart, leading to unauthorized actions within the application.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/jenaye/aapanel

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 21, 2020
Vulnerability Reserved
Jun 21, 2020

JSON

Aapanel

What is CVE-2020-14950?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.