9.9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
49.3%
In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise.
github.com/blackarrowsec/advisories/tree/master/2020/CVE-2020-28657