SQL Injection Vulnerability in EGavilan Media Under Construction Page with cPanel
CVE-2020-29472

9.8CRITICAL

Key Information:

Vendor: Egavilanmedia
Status: Under Construction Page With Cpanel
Vendor: CVE Published:; 24 December 2020

🔔 Create Egavilanmedia Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2020-29472?

The Under Construction Page with cPanel 1.0 from EGavilan Media is vulnerable to a SQL injection flaw, which could allow attackers to manipulate SQL queries and gain unauthorized access to the Admin Panel. Exploiting this vulnerability can lead to remote arbitrary code execution, compromising the security of the web application and potentially enabling the attacker to control the server. This highlights the need for vigilant web application security practices in order to protect against such injection attacks.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-29472 - Proof of Concept

References

https://www.exploit-db.com/exploits/49150

x_refsource_MISC

https://systemweakness.com/cve-2020-29472-under-construct...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Dec 24, 2020
👾
Exploit known to exist
Dec 24, 2020
Vulnerability published
Dec 24, 2020
Vulnerability Reserved
Dec 2, 2020

CVE-2020-29472 Data

JSON