Control Web Panel mysql_manager Command Injection Remote Code Execution Vulnerability
CVE-2023-42123
8.8 HIGH
What is CVE-2023-42123?
Control Web Panel contains a command injection vulnerability in its mysql_manager module that leads to remote code execution. The flaw stems from inadequate validation of user-supplied input, which allows an attacker to execute arbitrary system commands. Exploitation requires authentication: an authenticated user can leverage the flaw to gain elevated privileges, potentially executing code in the context of the root user.
Affected Version(s)
Control Web Panel 0.9.8.1152
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
CVSS V3.0
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
