Control Web Panel dns_zone_editor Command Injection Remote Code Execution Vulnerability
CVE-2023-42120

8.8HIGH

Key Information:

Vendor
CVE Published:
3 May 2024

What is CVE-2023-42120?

The dns_zone_editor module within Control Web Panel is susceptible to a command injection vulnerability, which allows remote attackers to execute arbitrary code. This issue arises from inadequate validation of user-supplied input before it is utilized in system calls. An authenticated attacker can exploit this flaw to execute commands with root privileges on the affected systems. Proper remediation should include validating inputs more rigorously to mitigate potential threats and protecting sensitive environments.

Affected Version(s)

Control Web Panel 0.9.8.1152

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.