File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HMgt Commerce Cloudpanel
APPMgt-Commerce2.0.0 – 2.3.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Command Injection
CWE
Powiązane podatności
CVE-2023-35885CRITICAL9.8ten sam produkt
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.
CVE-2024-24320HIGH8.8ten sam produkt
Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to ...
CVE-2023-36630HIGH8.8ten sam produkt
In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass.
CVE-2023-33747HIGH7.8ten sam produkt
CloudPanel v2.2.2 allows attackers to execute a path traversal.
CVE-2023-0391HIGH8.1ten sam produkt
MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative in...