Lucene search
MitreCVELIST:CVE-2021-45467HistoryDec 26, 2022 - 12:00 a.m.
CVE-2021-45467
2022-12-2600:00:00
mitre
www.cve.org
cwp
control web panel
unauthenticated
api key
vulnerability
In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/account_new_create&acc=guadaapi URI. Any number of %00 instances can be used, e.g., .%00%00%00./.%00%00%00./api/account_new_create could also be used for the scripts parameter.
Related
cve
cve
CVE-2021-45467
2022-12-26 05:15:10
thn
thn
Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years
2024-05-15 10:56:00
Critical Bugs in Control Web Panel Expose Linux Servers to RCE Attacks
2022-01-22 04:04:00
prion
prion
Code injection
2022-12-26 05:15:00
nvd
nvd
CVE-2021-45467
2022-12-26 05:15:10
checkpoint_advisories
checkpoint_advisories
CWP Panel Remote Code Execution (CVE-2021-45467; CVE-2021-45466)
2022-02-27 00:00:00
threatpost
threatpost
Linux Servers at Risk of RCE Due to Critical CWP Bugs
2022-01-24 23:08:56
Skeletons in the Closet: Security 101 Takes a Backseat to 0-days
2022-04-22 10:56:16